Skip to main content

Expedition CVE-2025-0107

HIGH
OS Command Injection (CWE-78)
2025-01-11 psirt@paloaltonetworks.com
7.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Green

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Green
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:03 vuln.today
CVE Published
Jan 11, 2025 - 03:15 nvd
HIGH 7.7

DescriptionCVE.org

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.

AnalysisAI

Palo Alto Networks Expedition contains an unauthenticated OS command injection vulnerability that allows attackers to execute arbitrary commands as the www-data user. Successful exploitation exposes firewall usernames, cleartext passwords, device configurations, and API keys for PAN-OS managed firewalls.

Technical ContextAI

Palo Alto Expedition (formerly Migration Tool) is used to migrate firewall configurations from other vendors to PAN-OS. The application stores PAN-OS firewall credentials, device configurations, and API keys in its database. The command injection vulnerability allows unauthenticated attackers to execute commands as the www-data user, which has read access to the Expedition database and configuration files.

RemediationAI

Palo Alto Networks has announced Expedition end-of-life. Migrate away from Expedition immediately. Rotate all PAN-OS admin credentials and API keys that were stored in Expedition. Restrict network access to Expedition instances. Monitor PAN-OS firewalls for unauthorized configuration changes.

CVE-2024-5910 CRITICAL POC
9.3 Jul 10

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account

CVE-2024-9463 CRITICAL POC
9.9 Oct 09

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitra

CVE-2018-10143 CRITICAL POC
9.8 Dec 12

The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote a

CVE-2024-9465 CRITICAL POC
9.2 Oct 09

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition

CVE-2024-9464 CRITICAL
9.3 Oct 09

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary

CVE-2019-1571 MEDIUM POC
4.8 Mar 26

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML

CVE-2019-1570 MEDIUM POC
4.8 Mar 26

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML

CVE-2019-1569 MEDIUM POC
4.8 Mar 26

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML

CVE-2024-9466 HIGH
8.2 Oct 09

A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated atta

CVE-2018-10142 HIGH
7.5 Nov 27

The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operat

CVE-2024-9467 HIGH
7.0 Oct 09

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context

CVE-2025-0106 MEDIUM
6.9 Jan 11

A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate file

Share

CVE-2025-0107 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy