Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News
Sign In Sign Up

CVE-2025-0107

UNKNOWN
Published 2025-01-11T03:02:49.517Z
Actions:
No CVSS data available

Description

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.

Available Exploits

Palo Alto Networks Expedition - OS Command Injection

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.

ID: CVE-2025-0107
Author: iamnoooobpdresearch Critical

References:

Related News

CVE-2025-0107: PoC Exploit Code Released for Palo Alto Expedition RCE Flaw

Security researchers published the technical details and a proof-of-concept (PoC) exploit code for CVE-2025-0107, a vulnerability in Palo The post CVE-2025-0107: PoC Exploit Code Released for Palo Alto Expedition RCE Flaw appeared first on Cybersecurity News.

SecurityOnline.info 2025-01-18 01:43
Read More

Affected Products

Palo Alto Networks

Cloud NGFW

Affected Versions:

All
Palo Alto Networks

Expedition

Affected Versions:

1
Palo Alto Networks

Panorama

Affected Versions:

All
Palo Alto Networks

PAN-OS

Affected Versions:

All
Palo Alto Networks

Prisma Access

Affected Versions:

All

References

https://security.paloaltonetworks.com/PAN-SA-2025-0001
Published: 2025-01-11T03:02:49.517Z
Last Modified: 2025-01-24T04:56:01.054Z
Copied to clipboard!