CVE-2025-0103 | THREATINT

Description

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system.

PUBLISHED Reserved 2024-12-20 | Published 2025-01-11 | Updated 2025-01-13 | Assigner palo_alto

CRITICAL: 9.2CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status

unaffected

All (custom)

unaffected

Default status

unaffected

1 (custom) before 1.2.100

affected

Default status

unaffected

All (custom)

unaffected

Default status

unaffected

All (custom)

unaffected

Default status

unaffected

All (custom)

unaffected

Timeline

2025-01-08:

Initial publication

Credits

Mesut Cetin of RedTeamer IT Security finder

References

security.paloaltonetworks.com/PAN-SA-2025-0001 vendor-advisory

cve.org (CVE-2025-0103)

nvd.nist.gov (CVE-2025-0103)

Download JSON