What is the severity of CVE-2025-0105?

CVE-2025-0105 has a UNKNOWN severity rating. The EPSS (Exploit Prediction Scoring System) score is 0.00486, indicating a 0.5% probability of exploitation in the wild within 30 days.

When was CVE-2025-0105 published?

CVE-2025-0105 was published on January 11, 2025.

CVE-2025-0105

Q: What is CVE-2025-0105?

CVE-2025-0105 is a unknown severity security vulnerability. An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.

UNKNOWN

Published 2025-01-11T03:01:24.168Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-0105. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.

Understanding This Vulnerability

This Common Vulnerabilities and Exposures (CVE) entry provides detailed information about a security vulnerability that has been publicly disclosed. CVEs are standardized identifiers assigned by MITRE Corporation to track and catalog security vulnerabilities across software and hardware products.

The severity rating (UNKNOWN) indicates the potential impact of this vulnerability based on the CVSS (Common Vulnerability Scoring System) framework. Higher severity ratings typically indicate vulnerabilities that could lead to more significant security breaches if exploited. Security teams should prioritize remediation efforts based on severity, exploit availability, and the EPSS (Exploit Prediction Scoring System) score, which predicts the likelihood of exploitation in the wild.

If this vulnerability affects products or systems in your infrastructure, we recommend reviewing the affected products section, checking for available patches or updates from vendors, and implementing recommended workarounds or solutions until a permanent fix is available. Organizations should also monitor security advisories and threat intelligence feeds for updates about active exploitation of this vulnerability.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Palo Alto Networks

Cloud NGFW

Affected Versions:

All

Palo Alto Networks

Expedition

Affected Versions:

Palo Alto Networks

Panorama

Affected Versions:

All

Palo Alto Networks

PAN-OS

Affected Versions:

All

Palo Alto Networks

Prisma Access

Affected Versions:

All

References

https://security.paloaltonetworks.com/PAN-SA-2025-0001 (CNA)

Workarounds

Ensure that all network access to Expedition is restricted to only authorized users, hosts, and networks. If you are not actively using Expedition, make sure that your Expedition software is shut down.

Solutions

This issue is fixed in Expedition 1.2.101 and all later versions* of Expedition.

* Expedition reached its End of Life (EoL) date https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642 and is no longer supported. We added these fixes prior to the EoL date and we do not plan to make any additional updates or security fixes. Please use the suggested alternatives listed in the Expedition End of Life Announcement https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642 .

Credits & Acknowledgments

finder

Advanced Research Team, CrowdStrike

Timeline

Initial publication

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

Malicious code in bioql (PyPI)

Affected Products (ENISA)

palo alto networks

expedition

ENISA Scoring

CVSS Score (4.0)

6.9

/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Green

EPSS Score

0.820

probability

ENISA References

https://security.paloaltonetworks.com/PAN-SA-2025-0001

Data provided by ENISA EU Vulnerability Database. Last updated: October 3, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-mf45-qm92-8v76

Advisory Details

An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Green

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-0105

WEB https://security.paloaltonetworks.com/PAN-SA-2025-0001

Advisory provided by GitHub Security Advisory Database. Published: January 11, 2025, Modified: January 11, 2025

References

https://security.paloaltonetworks.com/PAN-SA-2025-0001

Published: 2025-01-11T03:01:24.168Z

Last Modified: 2025-01-13T19:50:31.391Z

Copied to clipboard!

CVE-2025-0105

Expert Analysis

Description

Understanding This Vulnerability

Available Exploits

Related News

Affected Products

Cloud NGFW

Affected Versions:

Expedition

Affected Versions:

Panorama

Affected Versions:

PAN-OS

Affected Versions:

Prisma Access

Affected Versions:

References

Workarounds

Solutions

Credits & Acknowledgments

Timeline

EU Vulnerability Database

EU Coordination

Exploitation Status

EUVD ID

ENISA Analysis

Affected Products (ENISA)

ENISA Scoring

CVSS Score (4.0)

EPSS Score

ENISA References

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!