CVE-2025-0105
published 2025-01-11CVE-2025-0105: An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the…
PriorityP268critical9.1CVSS 3.1
AVNACLPRNUINSUCNIHAH
EPSS
12.96%
95.8th percentile
An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | expedition | >= 1 < 1.2.101 | 1.2.101 |
| paloalto | pan-os | — | — |
| paloalto | panorama | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | expedition | < 1.2.101 | 1.2.101 |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2025-0105 is an unauthenticated arbitrary file deletion vulnerability affecting the www-data user on the Expedition host filesystem; monitor for unexpected file deletions by the www-data process/user on Expedition systems ↗
- →No authentication is required to exploit CVE-2025-0105; any unauthenticated HTTP request to the Expedition service that triggers file deletion should be treated as suspicious and investigated ↗
- →CVE-2025-0105 can be chained with other vulnerabilities in the same advisory (CVE-2025-0103 SQL injection, CVE-2025-0106 wildcard expansion, CVE-2025-0107 OS command injection) to expose firewall credentials including cleartext passwords, device configurations, and API keys; monitor Expedition for any combination of these attack patterns ↗
- ·CVE-2025-0105 does not affect PAN-OS firewalls, Panorama appliances, Prisma Access deployments, or Cloud NGFWs directly — only the Expedition migration tool host is impacted ↗
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
nvdv4.06.9MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Green
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mf45-qm92-8v76: An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to
ghsa_unreviewed·2025-01-11
CVE-2025-0105 [MEDIUM] CWE-73 GHSA-mf45-qm92-8v76: An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to
An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.
Palo Alto
PAN-SA-2025-0001 Expedition: Multiple Vulnerabilities in Expedition Migration Tool Lead to Exposure of Firewall Credentials
vendor_paloalto·2025-01-08·CVSS 9.2
[CRITICAL] CWE-155 PAN-SA-2025-0001 Expedition: Multiple Vulnerabilities in Expedition Migration Tool Lead to Exposure of Firewall Credentials
PAN-SA-2025-0001 Expedition: Multiple Vulnerabilities in Expedition Migration Tool Lead to Exposure of Firewall Credentials
Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker to read Expedition database contents and arbitrary files, as well as create and delete arbitrary files on the Expedition system. These files include information such as usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software. Expedition, previously known as the Migration Tool, is a free tool that facilitates migration to the Palo Alto Networks NGFW platform from other firewall vendors and provides a temporary workspace for optimizing Palo Alto Networks security policies. Expedition is designed to only be used tempora
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-01-11
Published