1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Palo Alto Networks PAN-OS File Read Vulnerability

Known Exploited Vulnerabilities CVE-2025-0111

Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2025-0111 Palo Alto Networks PAN-OS File Read Vulnerability exploitation_technique T1068 Exploitation for Privilege Escalation
Comments
This exploit is part of a chain of exploits (with CVE-2025-0108 and CVE-2024-9474) that can end with an attacker gaining root access to the system. After bypassing authentication with CVE-2025-0108, the attacker can exploit this to gain read access to system files with "nobody" privileges.
References
  1. https://www.armis.com/threat-alert/breaking-down-palo-alto-networks-pan-os-vulnerability/
CVE-2025-0111 Palo Alto Networks PAN-OS File Read Vulnerability primary_impact T1005 Data from Local System
Comments
This exploit is part of a chain of exploits (with CVE-2025-0108 and CVE-2024-9474) that can end with an attacker gaining root access to the system. After bypassing authentication with CVE-2025-0108, the attacker can exploit this to gain read access to system files with "nobody" privileges.
References
  1. https://www.armis.com/threat-alert/breaking-down-palo-alto-networks-pan-os-vulnerability/