Wildcard Expansion Vulnerability in Palo Alto Networks Expedition
CVE-2025-0106

6.9MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Cloud Ngfw; Expedition; Panorama; Pan-os
Vendor: CVE Published:; 11 January 2025

Badges

👾 Exploit Exists

Summary

A wildcard expansion vulnerability exists in Palo Alto Networks Expedition, which allows unauthenticated attackers to enumerate files on the host filesystem. This weakness could potentially lead to exposing sensitive information and escalate further attacks on the system. It is vital for users of Expedition to review security advisories and implement recommended patches to mitigate this risk.

Affected Version(s)

Expedition 1 < 1.2.101

Cloud NGFW All

PAN-OS All

References

https://security.paloaltonetworks.com/PAN-SA-2025-0001

vendor-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

👾
Exploit known to exist
Jan 11, 2025
Vulnerability published
Jan 11, 2025

Collectors

NVD DatabaseMitre Database

Credit

Advanced Research Team, CrowdStrike