Expedition
CVE-2025-0107
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Green
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Green
Lifecycle Timeline
2DescriptionCVE.org
An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.
AnalysisAI
Palo Alto Networks Expedition contains an unauthenticated OS command injection vulnerability that allows attackers to execute arbitrary commands as the www-data user. Successful exploitation exposes firewall usernames, cleartext passwords, device configurations, and API keys for PAN-OS managed firewalls.
Technical ContextAI
Palo Alto Expedition (formerly Migration Tool) is used to migrate firewall configurations from other vendors to PAN-OS. The application stores PAN-OS firewall credentials, device configurations, and API keys in its database. The command injection vulnerability allows unauthenticated attackers to execute commands as the www-data user, which has read access to the Expedition database and configuration files.
RemediationAI
Palo Alto Networks has announced Expedition end-of-life. Migrate away from Expedition immediately. Rotate all PAN-OS admin credentials and API keys that were stored in Expedition. Restrict network access to Expedition instances. Monitor PAN-OS firewalls for unauthorized configuration changes.
More in Expedition
View allMissing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitra
The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote a
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated atta
The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operat
A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context
A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate file
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today