- Description
- An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.
- Source
- psirt@paloaltonetworks.com
- NVD status
- Awaiting Analysis
- CNA Tags
- unsupported-when-assigned
CVSS 4.0
- Type
- Secondary
- Base score
- 7.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Green
- Severity
- HIGH
- psirt@paloaltonetworks.com
- CWE-78
- Hype score
- Not currently trending
#exploit 1. CVE-2025-0107: Palo Alto Expedition Tool OS Command Injection - https://t.co/zjTJG9qfQb 2. CVE-2025-22710: WP WooCommerce SQLI - https://t.co/rNTF9xwiwu 3. CVE-2025-23013: Yubico PAM Module Authentication Bypass in Certain Configurations - https://t.co/oqrWCTXihb
@ksg93rd
21 Jan 2025
192 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
💡MITREが「D3FEND 1.0」を発表 目的は脅威に対抗するサイバーセキュリティ技術の標準化 🚨CVE-2025-0107:パロアルト「Expedition」のRCE脆弱性、PoCエクスプロイトコードが公開される 〜サイバーセキュリティ 週末の話題〜 https://t.co/HUwW0XTsw7 #セキュリティ #インテリジェンス #OSINT
@MachinaRecord
20 Jan 2025
227 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Cybersecurity Alert: Palo Alto Networks Expedition Tool Vulnerability 🚨 A recently disclosed OS command injection vulnerability (CVE-2025-0107) in Palo Alto Networks’ Expedition tool poses a serious threat to organizations using versions 1.2.101 and earlier. The… ht
@CipherGuardians
19 Jan 2025
63 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-0107: Expedition: OS Command Injection Vulnerability ⚠️Unauthenticated attackers to trigger a call to an Apache Spark server (attacker controlled) which can then be used to cause the execution of arbitrary code. ZoomEye Dork👉app="Palo Alto Networks Expedition" 433…
@zoomeye_team
19 Jan 2025
479 Impressions
2 Retweets
5 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2025-0107 PoC Exploit Code Released for PaloAlto Flaw #CVE-2025-0107 #PaloAlto #PoCExploitCode https://t.co/YsyXdBPVjo
@pravin_karthik
19 Jan 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Exploit Activo para CVE-2025-0107: Riesgo Crítico en Palo Alto Expedition. ¡Actúa Ahora! https://t.co/LiGCqViACV
@tpx_Security
18 Jan 2025
165 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0107: PoC Exploit Code Released for Palo Alto Expedition RCE Flaw Learn about the recently published technical details and PoC exploit code for CVE-2025-0107, a serious vulnerability in Palo Alto Networks' Expedition migration tool. https://t.co/CEpz3qbLBs
@the_yellow_fall
18 Jan 2025
724 Impressions
1 Retweet
8 Likes
0 Bookmarks
2 Replies
1 Quote
New post from https://t.co/uXvPWJy6tj (CVE-2025-0107 | Palo Alto Networks Cloud NGFW os command injection) has been published on https://t.co/oHY9qaqjtl
@WolfgangSesin
11 Jan 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0107 Authenticated OS Command Injection in Palo Alto Networks Expedition Palo Alto Networks Expedition has a command injection vulnerability. An authenticated attacker can execute any OS commands as the ... https://t.co/bFf9U9dCq7
@VulmonFeeds
11 Jan 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0107 An OS command injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to run arbitrary OS commands as the www-data user in Expedition… https://t.co/YtgUHRkR1H
@CVEnew
11 Jan 2025
300 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes