CVE-2025-0107
EUVD-2025-150411.01.2025, 03:15
An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | expedition | 𝑥 < 1.2.101 |
𝑥
= Vulnerable software versions