CVE-2025-0105External Control of File Name or Path in Palo Alto Networks Expedition

CWE-73External Control of File Name or Path3 documents3 sources
Severity
6.9MEDIUMNVD
EPSS
4.4%
top 11.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Palo Alto Networks ExpeditionPaloaltonetworks Expedition
Timeline
PublishedJan 11

Description

An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5palo_alto_networks/expedition11.2.101

🔴Vulnerability Details

2
GHSA
GHSA-mf45-qm92-8v76: An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to2025-01-11
CVEList
Expedition: Arbitrary File Deletion Vulnerability2025-01-11
CVE-2025-0105 — External Control of File Name or Path | cvebase