🔐 CVE Alert

CVE-2025-0110

UNKNOWN 0.0

PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands. The commands are run as the “__openconfig” user (which has the Device Administrator role) on the firewall. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

CWE: CWE-78
Vendor: Palo Alto Networks
Product: PAN-OS OpenConfig Plugin
Published: Feb 12, 2025
Last Updated: Feb 26, 2026

Affected Versions

Palo Alto Networks / PAN-OS OpenConfig Plugin
1.0.0 < 2.1.2

References

security.paloaltonetworks.com: https://security.paloaltonetworks.com/CVE-2025-0110

Credits

Google GDCE