CVE-2025-0105CRITICAL 9.1EPSS p95.7%

CVE-2025-0105CVE-2025-0105

Description

An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS12.33% probability of exploitation · percentile 95.7% · 2026-06-18T12:00:27Z
Published2025-01-11
Last modified2026-01-23

Underlying weaknesses· 1

CWE-73

References

  1. https://security.paloaltonetworks.com/PAN-SA-2025-0001

1

TypeTargetConfidenceTier
WeaknessExternal Control of File Name or Pathcwe-730%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-0107
CVE
CVE-2025-0103
CVE
Palo Alto Networks PAN-OS File Read Vulnerability
CVE
Palo Alto Networks Expedition SQL Injection Vulnerability
CVE
Palo Alto Networks Expedition Missing Authentication Vulnerability
CVE
Palo Alto Networks Expedition OS Command Injection Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.