SQL Injection Vulnerability in Palo Alto Networks Expedition
CVE-2025-0103

9.2CRITICAL

Key Information:

Vendor
CVE Published:
11 January 2025

Badges

👾 Exploit Exists

What is CVE-2025-0103?

CVE-2025-0103 is a significant SQL injection vulnerability discovered in Palo Alto Networks Expedition, a tool designed for managing and analyzing network security configurations and device data. This vulnerability allows authenticated attackers to gain unauthorized access to the Expedition database. Such access can lead to exposure of sensitive information, including password hashes, usernames, device configurations, and API keys. The impact on organizations utilizing this software can be severe, as it compromises the confidentiality and integrity of critical security credentials and configurations.

Technical Details

The vulnerability stems from inadequate input validation within the Expedition application, which allows attackers who have already obtained authenticated access to exploit SQL injection techniques. By crafting malicious SQL queries, attackers can extract sensitive data from the database and manipulate files on the system. This not only exposes sensitive data but also facilitates further exploitation and persistence within the affected environment.

Potential impact of CVE-2025-0103

  1. Data Exposure: Unauthorized access to sensitive credentials and configurations can lead to significant data breaches, enabling attackers to gain insights into the organization's network security measures and devices.

  2. System Compromise: The ability to create and read arbitrary files can allow attackers to upload malicious scripts or tools that can facilitate further attacks or persist in the environment undetected.

  3. Loss of Trust: As the integrity of security configurations is compromised, organizations may face reputational damage and loss of trust from clients and stakeholders due to inadequate protection of their infrastructure.

Affected Version(s)

Expedition 1 < 1.2.100

Cloud NGFW All

PAN-OS All

References

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

Credit

Mesut Cetin of RedTeamer IT Security
.