Palo Alto Networks Expedition SQLi Exposes DB Hashes & API Keys
CVE-2025-0103 Published on January 11, 2025
Expedition: SQL Injection Vulnerability
An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system.
Timeline
Initial publication
Weakness Type
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2025-0103 has been classified to as a SQL Injection vulnerability or weakness.
Products Associated with CVE-2025-0103
Want to know whenever a new CVE is published for Palo Alto Networks Expedition? stack.watch will email you.
Affected Versions
Palo Alto Networks Cloud NGFW:- Version All is unaffected.
- Version 1 and below 1.2.100 is affected.
- Version All is unaffected.
- Version All is unaffected.
- Version All is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.