CVE-2025-0106 — Improper Neutralization of Wildcards or Matching Symbols in Palo Alto Networks Expedition

CWE-155 — Improper Neutralization of Wildcards or Matching Symbols3 documents3 sources

Severity

6.9MEDIUMNVD

EPSS

0.5%

top 33.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Expedition Paloaltonetworks Expedition

Timeline

PublishedJan 11

Description

A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDpaloaltonetworks/expedition< 1.2.101

▶CVEListV5palo_alto_networks/expedition1 — 1.2.101

🔴Vulnerability Details

GHSA

GHSA-r6wv-x735-w2v5: A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem↗2025-01-11

▶

CVEList

Expedition: Wildcard Expansion Vulnerability↗2025-01-11

▶