Home

Description

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system.

PUBLISHED Reserved 2024-12-20 | Published 2025-01-11 | Updated 2025-01-13 | Assigner palo_alto




CRITICAL: 9.2CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status
unaffected

All (custom)
unaffected

Default status
unaffected

1 (custom) before 1.2.100
affected

Default status
unaffected

All (custom)
unaffected

Default status
unaffected

All (custom)
unaffected

Default status
unaffected

All (custom)
unaffected

Timeline

2025-01-08:Initial publication

Credits

Mesut Cetin of RedTeamer IT Security finder

References

security.paloaltonetworks.com/PAN-SA-2025-0001 vendor-advisory

cve.org (CVE-2025-0103)

nvd.nist.gov (CVE-2025-0103)