CVE-2025-0107
HIGH
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Green
Description
An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.
Analysis
Palo Alto Networks Expedition contains an unauthenticated OS command injection vulnerability that allows attackers to execute arbitrary commands as the www-data user. Successful exploitation exposes firewall usernames, cleartext passwords, device configurations, and API keys for PAN-OS managed firewalls.
Technical Context
Palo Alto Expedition (formerly Migration Tool) is used to migrate firewall configurations from other vendors to PAN-OS. The application stores PAN-OS firewall credentials, device configurations, and API keys in its database. The command injection vulnerability allows unauthenticated attackers to execute commands as the www-data user, which has read access to the Expedition database and configuration files.
Affected Products
Palo Alto Networks Expedition (all versions)
Remediation
Palo Alto Networks has announced Expedition end-of-life. Migrate away from Expedition immediately. Rotate all PAN-OS admin credentials and API keys that were stored in Expedition. Restrict network access to Expedition instances. Monitor PAN-OS firewalls for unauthorized configuration changes.
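One way to act on the monitoring step above, as an added example that is not from the advisory or from Palo Alto Networks: a triage pass over exported firewall configuration-change records. The CSV column names, account names, addresses and decommission time are constructed assumptions; map them to your own log export.

```python
import csv
import io
import ipaddress
from datetime import datetime

# Constructed sample export. Column names are assumptions, not a PAN-OS format.
SAMPLE_LOG = """time,admin,source_ip,command,result
2025-01-10T08:02:11,netops,10.20.0.15,commit,Succeeded
2025-01-10T23:41:07,expedition-api,203.0.113.44,set,Succeeded
2025-01-11T01:13:52,expedition-api,10.20.0.50,edit,Succeeded
2025-01-11T02:00:30,admin,198.51.100.9,commit,Failed
"""

# All values below are hypothetical placeholders for your environment.
EXPOSED_ACCOUNTS = {"expedition-api", "admin"}          # credentials Expedition stored
MGMT_NETWORKS = [ipaddress.ip_network("10.20.0.0/24")]  # approved admin sources
EXPEDITION_HOST = ipaddress.ip_address("10.20.0.50")    # the Expedition server
DECOMMISSIONED_AT = datetime(2025, 1, 10, 12, 0, 0)     # when it was taken offline


def triage(log_text):
    """Return config-change records that need review, with the reasons."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        src = ipaddress.ip_address(row["source_ip"])
        when = datetime.fromisoformat(row["time"])
        reasons = []
        outside = not any(src in net for net in MGMT_NETWORKS)
        if outside:
            reasons.append("source outside management networks")
        if outside and row["admin"] in EXPOSED_ACCOUNTS:
            reasons.append("account credentials were stored in Expedition")
        # Nothing should originate from the Expedition host once it is offline.
        if src == EXPEDITION_HOST and when > DECOMMISSIONED_AT:
            reasons.append("activity from Expedition host after decommission")
        if reasons:
            findings.append({"time": row["time"], "admin": row["admin"],
                             "source_ip": row["source_ip"],
                             "result": row["result"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["time"], f["admin"], f["source_ip"], f["result"],
              "; ".join(f["reasons"]))
```

Records flagged for an exposed account from an unapproved source are the ones to correlate first with the credential rotation timeline.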