CVE-2025-0109 — External Control of File Name or Path in Palo Alto Networks Pan-os

CWE-73 — External Control of File Name or Path4 documents4 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 66.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Pan-os Paloalto Cloud Ngfw Paloalto Pan-os +1 more

Timeline

PublishedFeb 12

Description

An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best p…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages4 packages

▶Palo Altopaloalto/prisma_access

▶CVEListV5palo_alto_networks/pan-os10.1.0 — 10.1.14-h9+3

▶Palo Altopaloalto/cloud_ngfw

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

GHSA

GHSA-g2v4-64gq-v8vx: An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with netw↗2025-02-12

▶

CVEList

PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface↗2025-02-12

▶

📋Vendor Advisories

Palo Alto

PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface↗

▶