Today > 5 Critical | 36 High | 55 Medium | 1 Low vulnerabilities   -   You can now download lists of IOCs here!

CVE-2025-0107

Jan. 11, 2025, 3:15 a.m.

Tags

CWE-78
psirt@paloaltonetworks.com
2025-01-11
CVE-2025-0107

Product(s) Impacted

Palo Alto Networks Expedition

Description

An OS command injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.

Weaknesses

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CWE ID: 78

Date

Published: Jan. 11, 2025, 3:15 a.m.

Last Modified: Jan. 11, 2025, 3:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@paloaltonetworks.com

References

https://security.paloaltonetworks.com/ psirt@paloaltonetworks.com