CVE-2025-0107

CRITICAL

CVSS v3

9.8

CRITICAL

EPSS Score

81.0%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.

Technical Details

Published
1/11/2025

Frequently Asked Questions

What is CVE-2025-0107?

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.

Is CVE-2025-0107 actively exploited?

Active exploitation of CVE-2025-0107 has not been confirmed. The EPSS score is 81.0%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2025-0107?

CVE-2025-0107 has a CVSS v3 base score of 9.8 (CRITICAL severity).

Is CVE-2025-0107 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.