Palo Alto Networks has launched device patches to deal with a number of safety flaws in its Expedition migration software, together with a high-severity trojan horse that an authenticated attacker may just exploit to get admission to delicate records.
“More than one vulnerabilities within the Palo Alto Networks Expedition migration software allow an attacker to learn Expedition database contents and arbitrary information, in addition to create and delete arbitrary information at the Expedition gadget,” the corporate mentioned in an advisory.
“Those information come with knowledge akin to usernames, cleartext passwords, software configurations, and software API keys for firewalls operating PAN-OS device.”
Expedition, a loose software introduced by means of Palo Alto Networks to facilitate migration from different firewall distributors to its personal platform, reached end-of-life (EoL) as of December 31, 2024. The checklist of flaws is as follows –
- CVE-2025-0103 (CVSS ranking: 7.8) – An SQL injection vulnerability that permits an authenticated attacker to expose Expedition database contents, akin to password hashes, usernames, software configurations, and software API keys, in addition to create and browse arbitrary information
- CVE-2025-0104 (CVSS ranking: 4.7) – A mirrored cross-site scripting (XSS) vulnerability that permits attackers to execute malicious JavaScript code within the context of an authenticated consumer’s browser if that authenticated consumer clicks a malicious hyperlink that permits phishing assaults and may just result in browser-session robbery
- CVE-2025-0105 (CVSS ranking: 2.7) – An arbitrary record deletion vulnerability that permits an unauthenticated attacker to delete arbitrary information out there to the www-data consumer at the host record gadget
- CVE-2025-0106 (CVSS ranking: 2.7) – A wildcard growth vulnerability that permits an unauthenticated attacker to enumerate information at the host record gadget
- CVE-2025-0107 (CVSS ranking: 2.3) – An working gadget (OS) command injection vulnerability that permits an authenticated attacker to run arbitrary OS instructions because the www-data consumer in Expedition, which ends up in the disclosure of usernames, cleartext passwords, software configurations, and software API keys for firewalls operating PAN-OS device
Palo Alto Networks mentioned the vulnerabilities were addressed in model 1.2.100 (CVE-2025-0103, CVE-2025-0104, and CVE-2025-0107) and 1.2.101 (CVE-2025-0105 and CVE-2025-0106), and that it does no longer intend to unlock any further updates or safety fixes.
As workarounds, it is really helpful to make sure that all community get admission to to Expedition is specific to simply licensed customers, hosts, and networks, or close down the provider if it is not in use.
SonicWalls Releases SonicOS Patches
The improvement coincides with SonicWall transport patches to remediate more than one flaws in SonicOS, two of which might be abused to reach authentication bypass and privilege escalation, respectively –
- CVE-2024-53704 (CVSS ranking: 8.2) – An Unsuitable Authentication vulnerability within the SSLVPN authentication mechanism that permits a far off attacker to avoid authentication.
- CVE-2024-53706 (CVSS ranking: 7.8) – A vulnerability within the Gen7 SonicOS Cloud platform NSv (AWS and Azure editions most effective) that permits a far off authenticated native low-privileged attacker to raise privileges to root and probably result in code execution.
Whilst there’s no proof that any of the aforementioned vulnerabilities were exploited within the wild, you must that customers take steps to use the most recent fixes once imaginable.
Vital Flaw in Aviatrix Controller Detailed
The updates additionally come as Polish cybersecurity corporate Securing detailed a most severity safety flaw impacting Aviatrix Controller (CVE-2024-50603, CVSS ranking: 10.0) which may be exploited to procure arbitrary code execution. It impacts variations 7.x via 7.2.4820.
The flaw, which is rooted in the truth that positive code segments in an API endpoint don’t sanitize user-supplied parameters (“list_flightpath_destination_instances” and “flightpath_connection_test”), has been addressed in variations 7.1.4191 or 7.2.4996.
“Because of the wrong neutralization of particular components utilized in an OS command, an unauthenticated attacker is in a position to remotely execute arbitrary code,” safety researcher Jakub Korepta mentioned.