How severe is CVE-2025-0111?

This vulnerability has a severity rating of HIGH with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2025-0111?

This is classified as CWE-73, which is a common weakness in software security.

CVE-2025-0111

HIGH Year: 2025

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-73

View all →

Vulnerability Description

An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.

CVE-2020-2003

MEDIUM

CVSS:6.5(Medium)

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causin...

CWE-732020

CVE-2021-27250

MEDIUM

CVSS:6.5(Medium)

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to ex...

CWE-732021

CVE-2022-0593

MEDIUM

CVSS:6.5(Medium)

The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated use...

CWE-732022

CVE-2022-20789

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an...

CWE-732022

CVE-2022-23536

MEDIUM

CVSS:6.5(Medium)

Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read lo...

CWE-732022

CVE-2022-2638

MEDIUM

CVSS:6.5(Medium)

The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete...

CWE-732022

CVE-2025-0111

Vulnerability Description

Related Vulnerabilities

CVE-2020-2003

CVE-2021-27250

CVE-2022-0593

CVE-2022-20789

CVE-2022-23536

CVE-2022-2638