Is CVE-2025-0124 actively exploited?

CVE-2025-0124 has no public evidence of in-the-wild exploitation as of 2025-10-02.

What is the CVSS score for CVE-2025-0124?

CVE-2025-0124 has a CVSS score of 5.1 (MEDIUM severity). Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber.

How do I patch CVE-2025-0124?

Patch guidance is available from paloaltonetworks security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2025-0124.

CVE-2025-0124 - remediation guidance & executive summary

Q: Which products are affected by CVE-2025-0124?

16 products: paloaltonetworks pan-os, paloaltonetworks pan-os, paloaltonetworks pan-os, paloaltonetworks pan-os, paloaltonetworks pan-os, and 11 more.

Description

An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files. The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue affects Cloud NGFW. However, this issue does not affect Prisma® Access software.

CVSS Metrics

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
Attack Vector: network
Complexity: low
Privileges: high
User Action: none
Confidentiality: undefined
Integrity: undefined
Availability: undefined
Weaknesses: CWE-73

Metadata

Primary Vendor: PALOALTONETWORKS
Published: 4/11/2025
Last Modified: 10/2/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

paloaltonetworks : pan-ospaloaltonetworks : pan-ospaloaltonetworks : pan-ospaloaltonetworks : pan-ospaloaltonetworks : pan-ospaloaltonetworks : pan-ospaloaltonetworks : pan-ospaloaltonetworks : pan-ospaloaltonetworks : pan-ospaloaltonetworks : pan-ospaloaltonetworks : pan-ospaloaltonetworks : pan-ospaloaltonetworks : pan-ospaloaltonetworks : pan-ospaloaltonetworks : pan-ospaloaltonetworks : pan-os

Remediation Guidance

Executive Summary

View on NIST NVD