Unrated severityNVD Advisory· Published Jan 11, 2025· Updated Jan 13, 2025

Expedition: SQL Injection Vulnerability

CVE-2025-0103

Description

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system.

Affected products

Paloaltonetworks/Expeditionllm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: 1
Paloaltonetworks/Pan Osv5
Range: All
Paloaltonetworks/Cloud NGFWcpe-rescue
Range: All
Palo Alto Networks/Panoramav5
Range: All
Paloaltonetworks/Prisma Access Agentcpe-rescue
Range: All

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.paloaltonetworks.com/PAN-SA-2025-0001mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000