CVE-2025-0107

Critical

Published: 11 January 2025

Published

11 January 2025

Modified

23 January 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.7953 99.1th percentile

Risk Priority 67 60% EPSS · 20% KEV · 20% CVSS

Description

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.

Security Summary

CVE-2025-0107 is an OS command injection vulnerability (CWE-78) in Palo Alto Networks Expedition. The vulnerability affects the Expedition software and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). It was published on 2025-01-11.

An unauthenticated attacker can exploit the vulnerability over the network with low complexity and no privileges to execute arbitrary OS commands as the www-data user in Expedition. Successful exploitation results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.

Palo Alto Networks has published security advisory PAN-SA-2025-0001 with details on mitigations and patches, available at https://security.paloaltonetworks.com/PAN-SA-2025-0001.

Details

CWE(s): CWE-78

Affected Products

paloaltonetworks

expedition

≤ 1.2.101

References

https://security.paloaltonetworks.com/PAN-SA-2025-0001
Vendor Advisory · psirt@paloaltonetworks.com