Cyber Posture

CVE-2025-0105

Critical

Published: 11 January 2025

Modified: 23 January 2026
KEV Added
Patch
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0437 (89.0th percentile)
Risk Priority: 21 (60% EPSS · 20% KEV · 20% CVSS)

Description

An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.

Security Summary

CVE-2025-0105 is an arbitrary file deletion vulnerability in Palo Alto Networks Expedition. Published on 2025-01-11, it enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem. The issue carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) and maps to CWE-73.

An unauthenticated attacker (PR:N) with network access (AV:N) to a vulnerable Expedition instance can exploit this flaw with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation allows deletion of files writable by the www-data user, resulting in high integrity (I:H) and availability (A:H) impacts with no confidentiality impact (C:N) and unchanged scope (S:U).

Mitigation details are provided in Palo Alto Networks security advisory PAN-SA-2025-0001, available at https://security.paloaltonetworks.com/PAN-SA-2025-0001.

Details

CWE(s): CWE-73

Affected Products

paloaltonetworks expedition, versions ≤ 1.2.101
