PT-2025-1007 · Palo Alto Networks · Palo Alto Networks Expedition

Mesut Cetin

Publicado

2025-01-08

Atualizado

2026-01-23

CVE-2025-0103

CVSS v4.0

9.2

Crítica

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Expedition (affected versions not specified)

Description: A SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

BDU:2025-00155

CVE-2025-0103

Produtos afetados

Palo Alto Networks Expedition

PT-2025-1007 · Palo Alto Networks · Palo Alto Networks Expedition

CVE-2025-0103

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16