{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2025-0110","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-04-11T00:52:44.425Z","generator":{"date":"2026-04-11T00:52:44.425Z","engine":{"name":"Vulnogram","version":"0.1.0-dev"}},"id":"CVE-2025-0110","initial_release_date":"2025-02-12T17:00:00.000Z","revision_history":[{"number":"1","date":"2025-02-12T09:00:00.000Z","summary":"Initial Publication"},{"number":"2","date":"2025-02-21T09:10:00.000Z","summary":"Updated the exploit status section"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"PAN-OS OpenConfig Plugin","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/PAN-OS OpenConfig Plugin<2.1.2","product":{"name":"Palo Alto Networks PAN-OS OpenConfig Plugin","product_id":"PANW-PAN-OS-OpenConfig-Plugin-1"}},{"category":"product_version_range","name":"vers:generic/PAN-OS OpenConfig Plugin>=2.1.2","product":{"name":"Palo Alto Networks PAN-OS OpenConfig Plugin","product_id":"PANW-PAN-OS-OpenConfig-Plugin-1"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2025-0110","product_status":{"fixed":["PANW-PAN-OS-OpenConfig-Plugin-1"],"known_affected":["PANW-PAN-OS-OpenConfig-Plugin-1"]},"notes":[{"category":"description","text":"A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands. The commands are run as the “root” user on the firewall.\n\nYou can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431)."}],"references":[{"category":"external","summary":"NVD - CVE-2025-0110","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0110"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2025-0110","url":"https://security.paloaltonetworks.com/CVE-2025-0110"}],"threats":[{"category":"impact","description":"A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands. The commands are run as the “root” user on the firewall.\n\nYou can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431)."}],"scores":[{"cvss_v4":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"POC","baseSeverity":"HIGH","baseScore":8.6,"threatSeverity":"HIGH","threatScore":7.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:N/R:U/V:C/RE:M/U:Amber"},"products":["PANW-PAN-OS-OpenConfig-Plugin-1"]},{"cvss_v4":{"version":"4.0","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"POC","baseSeverity":"HIGH","baseScore":7.5,"threatSeverity":"MEDIUM","threatScore":6.6,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:N/R:U/V:C/RE:M/U:Amber"},"products":["PANW-PAN-OS-OpenConfig-Plugin-1"]}]}]}