CVE-2025-0103

High

Published: 11 January 2025

Published

11 January 2025

Modified

23 January 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0046 63.9th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system.

Security Summary

CVE-2025-0103 is an SQL injection vulnerability (CWE-89) in Palo Alto Networks Expedition. Published on 2025-01-11, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and affects the Expedition management tool.

An authenticated attacker with network access and low-privilege user rights can exploit this vulnerability to reveal sensitive Expedition database contents, including password hashes, usernames, device configurations, and device API keys. The flaw also allows attackers to create and read arbitrary files on the Expedition system, potentially leading to full compromise.

The Palo Alto Networks security advisory PAN-SA-2025-0001 at https://security.paloaltonetworks.com/PAN-SA-2025-0001 provides details on mitigation and patching.

Details

CWE(s): CWE-89

Affected Products

paloaltonetworks

expedition

≤ 1.2.101

References

https://security.paloaltonetworks.com/PAN-SA-2025-0001
Vendor Advisory · psirt@paloaltonetworks.com