A medium-severity vulnerability in Palo Alto Networks' PAN-OS, identified as CVE-2025-0111, is currently being exploited in the wild. This flaw, which has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, affects the Cloud NGFW product and allows authenticated attackers with network access to the management web interface to read files on the PAN-OS filesystem that are accessible by the "nobody" user.
The vulnerability, published on February 12, 2025, has a CVSS score of 6.5 and an Exploit Prediction Scoring System (EPSS) score of 0.037, indicating a moderate risk. Despite its medium severity, the vulnerability's active exploitation in the wild within just over a week of disclosure underscores the urgency for organizations to address it promptly.
The flaw is categorized under CWE-73 and CWE-610, which relate to improper restriction of XML external entity references and insufficient encryption strength, respectively. This vulnerability requires attackers to have authenticated access, which somewhat limits its exploitation scope but still poses a significant risk due to the potential exposure of sensitive file contents.
Palo Alto Networks has acknowledged the active exploitation of this vulnerability and advises users to apply available patches and implement recommended security measures to mitigate the risk. Organizations using affected versions of PAN-OS should prioritize patching and review their access controls to ensure that only authorized users can access the management web interface.
Security teams should monitor for any unusual activity that might indicate exploitation attempts and ensure that their systems are updated to the latest security patches provided by Palo Alto Networks.
CSURFACE