CyberSecurity news
TIGR Threat Watch@Security Risk Advisors
//
Multiple vulnerabilities have been discovered in Palo Alto Networks' Expedition migration tool, posing significant security risks. These flaws could allow attackers to gain unauthorized access to sensitive data such as usernames, cleartext passwords, device configurations, and API keys associated with firewalls running PAN-OS software. An OS command injection vulnerability, identified as CVE-2025-0107, allows authenticated attackers to execute arbitrary OS commands, potentially leading to data breaches and system compromise. Other vulnerabilities include SQL injection (CVE-2025-0103), reflected cross-site scripting (CVE-2025-0104), arbitrary file deletion (CVE-2025-0105) and a wildcard expansion enumeration (CVE-2025-0106).
The Expedition tool, intended for firewall migration and optimization, reached its End of Life (EoL) on December 31, 2024, and is no longer supported or updated. Organizations are strongly advised to transition away from using Expedition and to explore alternative migration tools. While Palo Alto Networks has released patches in versions 1.2.100 and 1.2.101, no further updates are planned for the tool. Until users can migrate, it is recommended to restrict network access to Expedition to only authorized users, hosts, and networks, or to shut down the service if it's not in use.
ImgSrc: security.paloal
References :
- gbhackers.com: Palo Alto Networks Expedition Tool Vulnerability Let Attackers Access Cleartext Passwords
- : Palo Alto Networks security advisories 08 January 2025: Expedition: Multiple Vulnerabilities in Expedition Migration Tool Lead to Exposure of Firewall Credentials
- securityonline.info: CISA Alerts on Actively Exploited Vulnerabilities in Mitel MiCollab and Oracle WebLogic Server
- ciso2ciso.com: Mitel 0-day, 5-year-old Oracle RCE bug under active exploit – Source: go.theregister.com
- The Hacker News: CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
- Latest from TechRadar: CISA says Oracle and Mitel have critical security flaws being exploited
- ciso2ciso.com: Mitel 0-day, 5-year-old Oracle RCE bug under active exploit – Source: go.theregister.com
- gbhackers.com: Palo Alto Networks Expedition Tool Vulnerability Let Attackers Access Cleartext Passwords
- securityonline.info: Mutiple Vulnerabilities Found in Palo Alto Networks Expedition Tool
- socca.tech: CVE-2025-0107: (Palo Alto Networks Expedition: Medium)
- Security Risk Advisors: Multiple Vulnerabilities in Palo Alto Networks Expedition Tool Allow Exposure of Firewall Credentials
Classification:
- HashTags: #PaloAltoNetworks #ExpeditionTool #Vulnerability
- Company: Palo Alto Networks
- Target: Palo Alto Networks Users
- Product: Expedition
- Feature: OS Command Injection
- Type: Vulnerability
- Severity: Major