Thursday , April 24 2025
Expedition

Palo Alto Networks Expedition Tool Vuln Lead to Exposure of Firewall Credentials

Palo Alto Networks released a security advisory about vulnerabilities in its Expedition migration tool that could expose sensitive data and enable unauthorized actions on affected systems.

Expedition, formerly the Migration Tool, is a free tool that helps users migrate to the Palo Alto Networks NGFW platform and provides a temporary workspace to optimize security policies.

SonicWall patched SSLVPN Vuln Allowing Firewall Crashing

SonicWall has revealed a vulnerability in its SonicOS SSLVPN Virtual Office interface that could let remote attackers crash firewall appliances....
Read More
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing

GitLab Releases Security Update For Multiple Vulns

GitLab has announced a security advisory urging users to upgrade their self-managed installations right away. Versions 17.11.1, 17.10.5, and 17.9.7...
Read More
GitLab Releases Security Update For Multiple Vulns

ISPAB president “whatsapp” got hacked via phishing link

Imdadul Haque, the president of Internet Service Provider of Bangladesh (ISPAB) said, I automatically got back my WhatsApp account. What...
Read More
ISPAB president “whatsapp” got hacked via phishing link

Zyxel released patches 2 vulns in its USG FLEX H series firewalls

Zyxel Networks has issued critical security patches for two high-severity vulnerabilities in its USG FLEX H series firewalls. These flaws...
Read More
Zyxel released patches 2 vulns in its USG FLEX H series firewalls

South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked

South Korea's largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related...
Read More
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked

ChatGPT Develops Exploit for CVEs Before Public PoCs Share

Security researcher Matt Keeley showed that artificial intelligence can now develop working exploits for critical vulnerabilities before public proof-of-concept (PoC)...
Read More
ChatGPT Develops Exploit for CVEs Before Public PoCs Share

TP-Link Router Vulns Allow to Execute Malicious SQL Commands

Several vulnerabilities have been found in TP-Link routers, exposing users to serious security risks from SQL injection flaws in their...
Read More
TP-Link Router Vulns Allow to Execute Malicious SQL Commands

SSL.com’s domain validation system’s bug found: Hacker exploited

SSL.com has revealed a major security flaw in its domain validation system, which could enable attackers to acquire fake SSL...
Read More
SSL.com’s domain validation system’s bug found: Hacker exploited

Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals

Amazon has paused some data center lease negotiations for its cloud division, particularly in international markets, according to Wells Fargo...
Read More
Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals

Hackers Exploit Zoom’s Remote Control Feature for System Access

ELUSIVE COMET is a threat actor conducting a sophisticated attack campaign that uses Zoom's remote control feature to access victims'...
Read More
Hackers Exploit Zoom’s Remote Control Feature for System Access

These vulnerabilities pose serious risks for organizations using the tool for firewall migration and optimization. It is meant for temporary use only during migrations and not for production environments. The tool will reach its End of Life (EoL) on December 31, 2024.

Details Of The Vulnerabilities:

CVE-2025-0103 (CVSS 7.8): An SQL injection vulnerability lets authenticated attackers access Expedition’s database, exposing sensitive information such as password hashes and device configurations. It also allows them to create or read arbitrary files on the system.

CVE-2025-0104 (CVSS 4.7): A vulnerability that allows attackers to run harmful scripts in a user’s browser, which can lead to stealing information or hijacking sessions.

CVE-2025-0105 (CVSS 2.7): Allows unauthorized users to delete files accessible to the Expedition system’s “www-data” user.

CVE-2025-0106 (CVSS 2.7): A vulnerability allows attackers to list files on the system without needing to log in.

CVE-2025-0107 (CVSS 2.3): This vulnerability allows logged-in attackers to run any OS commands as the “www-data” user, potentially exposing sensitive firewall credentials.

These vulnerabilities don’t directly impact Palo Alto Networks firewalls, Panorama, Prisma Access, or Cloud NGFWs, but they severely weaken the security of systems using vulnerable Expedition versions.

Palo Alto Networks has released patches in Expedition version 1.2.101 and later. Organizations should upgrade immediately and change all credentials used with the tool.

Limiting network access to authorized users and disabling unused Expedition instances are essential to reduce risks.

Although there is currently no evidence of active exploitation, the existence of proof-of-concept exploits for similar vulnerabilities heightens concerns about possible future attacks. Organizations using Expedition must act quickly to protect their systems from unauthorized access.

Since Expedition has reached its end of life, users should switch to alternative tools recommended by Palo Alto Networks for firewall migration and policy optimization.

The discovery highlights the need to secure temporary tools like Expedition that manage sensitive data during important tasks, such as firewall migrations.

Check Also

Airport

Cyberattack on Malaysian airports: PM rejected $10 million ransom

Operations at Kuala Lumpur International Airport (KLIA) were unaffected by a cyber attack in which …

Leave a Reply

Your email address will not be published. Required fields are marked *