PatchSiren cyber security CVE debrief
CVE-2025-0115 Palo Alto Networks CVE debrief
CVE-2025-0115 is a medium-severity vulnerability (CVSS 5.5) affecting Palo Alto Networks PAN-OS software as deployed on Siemens RUGGEDCOM APE1808 devices. Published on 2024-11-22 and last modified on 2025-06-10, this vulnerability enables an authenticated administrator with PAN-OS CLI access to read arbitrary files on the system. Exploitation requires network access to the management interface (web, SSH, console, or telnet) and successful authentication, limiting the attack surface to privileged, authenticated users. The vulnerability was added to the CISA ICS advisory ICSA-24-338-02 on 2025-04-08 as part of revision 1.4, which also updated remediation guidance for the RUGGEDCOM APE1808 platform. While not listed in CISA's Known Exploited Vulnerabilities catalog, organizations should prioritize patching given the sensitive nature of file disclosure vulnerabilities in network security appliances.
- Vendor: Palo Alto Networks
- Product: RUGGEDCOM APE1808
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-11-22
- Original CVE updated: 2025-06-10
- Advisory published: 2024-11-22
- Advisory updated: 2025-06-10
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 industrial networking devices with Palo Alto Networks Virtual NGFW deployments, particularly in critical infrastructure and OT environments. Security teams responsible for firewall administration, industrial control system security, and network segmentation should prioritize this vulnerability. Additionally, compliance officers in regulated industries should track remediation status given the file disclosure risk to sensitive network security configurations.
Technical summary
The vulnerability exists in the PAN-OS CLI implementation, where an authenticated administrative user can leverage CLI functionality to read arbitrary files on the underlying system. This is an information disclosure weakness that could expose sensitive configuration data, credentials, or system files to an attacker who has already compromised administrative credentials or has legitimate admin access. The attack vector is local in scope (CVSS:3.1/AV:L), with low attack complexity, low privileges required, and no user interaction needed. The confidentiality impact is rated high, while the integrity and availability impacts are none. The vulnerability specifically affects RUGGEDCOM APE1808 devices running Palo Alto Networks Virtual NGFW, with remediation available through upgrade to version 11.1.8.
Defensive priority
medium
Recommended defensive actions
- Upgrade Palo Alto Networks Virtual NGFW to version 11.1.8; contact customer support to obtain patch and update information
- Restrict management interface access to trusted internal IP addresses to reduce exposure
- Monitor for unauthorized CLI access attempts on PAN-OS management interfaces
- Review administrative account activity for anomalous file access patterns
- Apply defense-in-depth controls per ICS-CERT recommended practices for industrial control systems
Evidence notes
CVE description and remediation details sourced from CISA CSAF advisory ICSA-24-338-02. Timeline derived from revision history showing CVE-2025-0115 added in revision 1.4 dated 2025-04-08. CVSS score and severity from supplied CVE metadata. Product attribution to Siemens RUGGEDCOM APE1808 with Palo Alto Networks Virtual NGFW confirmed through CSAF product tree and remediation instructions.
Official resources
- CVE-2025-0115 CVE record (CVE.org)
- CVE-2025-0115 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-11-22