Friday , May 23 2025
Expedition

Palo Alto Networks Expedition Tool Vuln Lead to Exposure of Firewall Credentials

Palo Alto Networks released a security advisory about vulnerabilities in its Expedition migration tool that could expose sensitive data and enable unauthorized actions on affected systems.

Expedition, formerly the Migration Tool, is a free tool that helps users migrate to the Palo Alto Networks NGFW platform and provides a temporary workspace to optimize security policies.

184 Million Leaked Credentials Discovered in Open Database

Security researchers have discovered a database with 184 million account credentials, highlighting the need to update compromised passwords, strengthen weak...
Read More
184 Million Leaked Credentials Discovered in Open Database

Palo Alto Networks Warns of XSS Flaw: PoC Released

Palo Alto Networks warns a reflected cross-site scripting (XSS) vulnerability, CVE-2025-0133, in the GlobalProtect gateway and portal features of its...
Read More
Palo Alto Networks Warns of XSS Flaw: PoC Released

Pwn2Own Berlin reveals 29 critical vulns in major tech firms

Pwn2Own Berlin 2025, a top cybersecurity contest, awarded $1,078,750 to researchers who discovered 29 zero-day vulnerabilities in various enterprise technologies....
Read More
Pwn2Own Berlin reveals 29 critical vulns in major tech firms

High-Severity Flaw Hits Atlassian Jira Data Center

A recently discovered vulnerability, CVE-2025-22157, threatens organizations using Atlassian’s Jira Core Data Center and Jira Service Management Data Center by...
Read More
High-Severity Flaw Hits Atlassian Jira Data Center

All major mobile networks go down across Spain

A nationwide phone network has gone down in Spain, shortly after blackouts caused chaos and significant financial losses. Emergency services...
Read More
All major mobile networks go down across Spain

Researchers found 200 billion files exposed in cloud buckets

Billions of files, including documents, source code, and backups, are leaking because of misconfigured cloud storage. Cyble, a cybersecurity company...
Read More
Researchers found 200 billion files exposed in cloud buckets

Bank server compromised using customer’s mobile, steal ₹11 crore

Cyber fraudsters hacked the Himachal Pradesh State Cooperative Bank's server using a customer's mobile phone. According to reports, the fraudsters...
Read More
Bank server compromised using customer’s mobile, steal ₹11 crore

“InfoSecCon-2025″ held successfully promising cyber resilience

"InfoSecCon-2025" was successfully held with tremendous audiences with various time demanding topics and keynotes at Dhaka on 16 May- 2025....
Read More
“InfoSecCon-2025″ held successfully promising cyber resilience

Intel PC, laptop and server processors affected for 6 years: Report

A new class of vulnerabilities in Intel processors, called Branch Predictor Race Conditions (BPRC), enables attackers to extract sensitive data...
Read More
Intel PC, laptop and server processors affected for 6 years: Report

CVSS 10.0 Flaw
Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE

Siemens issued a security advisory (SSA-047424) for two serious vulnerabilities—CVE-2025-26389 and CVE-2025-26390—impacting the OZW672 and OZW772 web servers. These servers...
Read More
CVSS 10.0 Flaw  Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE

These vulnerabilities pose serious risks for organizations using the tool for firewall migration and optimization. It is meant for temporary use only during migrations and not for production environments. The tool will reach its End of Life (EoL) on December 31, 2024.

Details Of The Vulnerabilities:

CVE-2025-0103 (CVSS 7.8): An SQL injection vulnerability lets authenticated attackers access Expedition’s database, exposing sensitive information such as password hashes and device configurations. It also allows them to create or read arbitrary files on the system.

CVE-2025-0104 (CVSS 4.7): A vulnerability that allows attackers to run harmful scripts in a user’s browser, which can lead to stealing information or hijacking sessions.

CVE-2025-0105 (CVSS 2.7): Allows unauthorized users to delete files accessible to the Expedition system’s “www-data” user.

CVE-2025-0106 (CVSS 2.7): A vulnerability allows attackers to list files on the system without needing to log in.

CVE-2025-0107 (CVSS 2.3): This vulnerability allows logged-in attackers to run any OS commands as the “www-data” user, potentially exposing sensitive firewall credentials.

These vulnerabilities don’t directly impact Palo Alto Networks firewalls, Panorama, Prisma Access, or Cloud NGFWs, but they severely weaken the security of systems using vulnerable Expedition versions.

Palo Alto Networks has released patches in Expedition version 1.2.101 and later. Organizations should upgrade immediately and change all credentials used with the tool.

Limiting network access to authorized users and disabling unused Expedition instances are essential to reduce risks.

Although there is currently no evidence of active exploitation, the existence of proof-of-concept exploits for similar vulnerabilities heightens concerns about possible future attacks. Organizations using Expedition must act quickly to protect their systems from unauthorized access.

Since Expedition has reached its end of life, users should switch to alternative tools recommended by Palo Alto Networks for firewall migration and policy optimization.

The discovery highlights the need to secure temporary tools like Expedition that manage sensitive data during important tasks, such as firewall migrations.

Check Also

Google

Google patched 2 Android zero-days and 60 other flaws

In its April 2025 security update, Google patched 62 vulnerabilities in Android, including two zero-days …

Leave a Reply

Your email address will not be published. Required fields are marked *