CVE-2025-0103 · HIGH 8.8 · EPSS p43.8%


Description

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.60% probability of exploitation · percentile 43.8% · 2026-06-19T12:03:05Z
Published: 2025-01-11
Last modified: 2026-01-23

Underlying weaknesses · 1

CWE-89

References

  1. https://security.paloaltonetworks.com/PAN-SA-2025-0001


Type: Weakness
Target: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (cwe-89)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: Palo Alto Networks Expedition SQL Injection Vulnerability
CVE: CVE-2025-0107
CVE: CVE-2025-0105
CVE: Palo Alto Networks Expedition OS Command Injection Vulnerability
CVE: Palo Alto Networks Expedition Missing Authentication Vulnerability
CVE: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.