CVE-2025-0107 Information

Description

An OS command injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to run arbitrary OS commands as the www-data user in Expedition which results in the disclosure of usernames cleartext passwords device configurations and device API keys for firewalls running PAN-OS software.

Reference

https://security.paloaltonetworks.com/PAN-SA-2025-0001