Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-0107: OS Command Injection in Palo Alto Networks Expedition

Severity: 7.7 HIGH (NVD)
EPSS: 79.8% (top 0.90%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jan 11; latest update Sep 26

Description

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: palo_alto_networks/expedition 11.2.100

🔴 Vulnerability Details (3)

CVEList (2025-01-11): Expedition: OS Command Injection Vulnerability
GHSA (2025-01-11): GHSA-mhj4-9938-5fpw: An OS command injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to run arbitrary OS commands as the www-data
VulnCheck (2025): Palo Alto Networks Expedition Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

💥 Exploits & PoCs (1)

Nuclei: Palo Alto Networks Expedition - OS Command Injection

🔍 Detection Rules (1)

Suricata (2025-09-26): ET WEB_SPECIFIC_APPS Palo Alto Expedition OS Command Injection (CVE-2025-0107)

🕵️ Threat Intelligence (1)

Greynoiseio: NoiseLetter January 2025