CVE-2025-0107
Description
An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.
Available Exploits
Palo Alto Networks Expedition - OS Command Injection
Related News
Security researchers published the technical details and proof-of-concept (PoC) exploit code for CVE-2025-0107, a vulnerability in Palo …
Source: "CVE-2025-0107: PoC Exploit Code Released for Palo Alto Expedition RCE Flaw", Cybersecurity News.
Affected Products
Affected Versions:
GitHub Security Advisories
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Green
References
Advisory provided by GitHub Security Advisory Database. Published: January 11, 2025, Modified: January 11, 2025