How severe is CVE-2025-0115?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-0115?

This is classified as CWE-41, which is a common weakness in software security.

CVE-2025-0115 - MEDIUM Severity | CVSS N/A

Vulnerability Description

A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface (web, SSH, console, or telnet) and successfully authenticate to exploit this issue. You can greatly reduce the risk of this issue by restricting access to the management interface to only trusted users and internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access.

Related Vulnerabilities

CVE-2025-21332

HIGH

CVSS:8.8(High)

MapUrlToZone Security Feature Bypass Vulnerability

CWE-412025

CVE-2025-24470

HIGH

CVSS:8.6(High)

An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve ...

CWE-412025

CVE-2023-36396

HIGH

CVSS:7.8(High)

Windows Compressed Folder Remote Code Execution Vulnerability

CWE-412023

CVE-2024-30073

HIGH

CVSS:7.8(High)

Windows Security Zone Mapping Security Feature Bypass Vulnerability

CWE-412024

CVE-2022-0855

HIGH

CVSS:7.4(High)

Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4.

CWE-412022

CVE-2024-8765

HIGH

CVSS:7.3(High)

In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. Thi...

CWE-412024