Arbitrary File Deletion Vulnerability in Palo Alto Networks Expedition
CVE-2025-0105

6.9MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Cloud Ngfw; Expedition; Panorama; Pan-os
Vendor: CVE Published:; 11 January 2025

Badges

👾 Exploit Exists

Summary

An arbitrary file deletion vulnerability in Palo Alto Networks Expedition permits an unauthenticated attacker to delete files that are accessible to the www-data user on the host filesystem. This flaw could potentially be exploited to compromise the integrity of the system, allowing unauthorized manipulation of files critical to the operation of the affected application.

Affected Version(s)

Expedition 1 < 1.2.101

Cloud NGFW All

PAN-OS All

References

https://security.paloaltonetworks.com/PAN-SA-2025-0001

vendor-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

👾
Exploit known to exist
Jan 11, 2025
Vulnerability published
Jan 11, 2025

Collectors

NVD DatabaseMitre Database

Credit

Advanced Research Team, CrowdStrike