Wildcard Expansion Vulnerability in Palo Alto Networks Expedition
CVE-2025-0106

6.9MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Cloud Ngfw; Expedition; Panorama; Pan-os
Vendor: CVE Published:; 11 January 2025

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-0106?

A wildcard expansion vulnerability exists in Palo Alto Networks Expedition, which allows unauthenticated attackers to enumerate files on the host filesystem. This weakness could potentially lead to exposing sensitive information and escalate further attacks on the system. It is vital for users of Expedition to review security advisories and implement recommended patches to mitigate this risk.

Affected Version(s)

Expedition 1 < 1.2.101

Cloud NGFW All

PAN-OS All

References

https://security.paloaltonetworks.com/PAN-SA-2025-0001

vendor-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jan 11, 2025
Vulnerability published
Jan 11, 2025

Credit

Advanced Research Team, CrowdStrike