Palo Alto Networks has launched software program patches to handle a number of safety flaws in its Expedition migration device, together with a high-severity bug that an authenticated attacker might exploit to entry delicate information.
“A number of vulnerabilities within the Palo Alto Networks Expedition migration device allow an attacker to learn Expedition database contents and arbitrary recordsdata, in addition to create and delete arbitrary recordsdata on the Expedition system,” the corporate stated in an advisory.
“These recordsdata embody data akin to usernames, cleartext passwords, machine configurations, and machine API keys for firewalls operating PAN-OS software program.”
Expedition, a free device provided by Palo Alto Networks to facilitate migration from different firewall distributors to its personal platform, reached end-of-life (EoL) as of December 31, 2024. The listing of flaws is as follows –
- CVE-2025-0103 (CVSS rating: 7.8) – An SQL injection vulnerability that allows an authenticated attacker to disclose Expedition database contents, akin to password hashes, usernames, machine configurations, and machine API keys, in addition to create and browse arbitrary recordsdata
- CVE-2025-0104 (CVSS rating: 4.7) – A mirrored cross-site scripting (XSS) vulnerability that allows attackers to execute malicious JavaScript code within the context of an authenticated person’s browser if that authenticated person clicks a malicious hyperlink that enables phishing assaults and will result in browser-session theft
- CVE-2025-0105 (CVSS rating: 2.7) – An arbitrary file deletion vulnerability that allows an unauthenticated attacker to delete arbitrary recordsdata accessible to the www-data person on the host file system
- CVE-2025-0106 (CVSS rating: 2.7) – A wildcard growth vulnerability that enables an unauthenticated attacker to enumerate recordsdata on the host file system
- CVE-2025-0107 (CVSS rating: 2.3) – An working system (OS) command injection vulnerability that allows an authenticated attacker to run arbitrary OS instructions because the www-data person in Expedition, which ends up in the disclosure of usernames, cleartext passwords, machine configurations, and machine API keys for firewalls operating PAN-OS software program
Palo Alto Networks stated the vulnerabilities have been addressed in model 1.2.100 (CVE-2025-0103, CVE-2025-0104, and CVE-2025-0107) and 1.2.101 (CVE-2025-0105 and CVE-2025-0106), and that it doesn’t intend to launch any further updates or safety fixes.
As workarounds, it is really useful to make sure that all community entry to Expedition is restricted to solely licensed customers, hosts, and networks, or shut down the service if it isn’t in use.
SonicWalls Releases SonicOS Patches
The event coincides with SonicWall transport patches to remediate a number of flaws in SonicOS, two of which might be abused to realize authentication bypass and privilege escalation, respectively –
- CVE-2024-53704 (CVSS rating: 8.2) – An Improper Authentication vulnerability within the SSLVPN authentication mechanism that enables a distant attacker to bypass authentication.
- CVE-2024-53706 (CVSS rating: 7.8) – A vulnerability within the Gen7 SonicOS Cloud platform NSv (AWS and Azure editions solely) that enables a distant authenticated native low-privileged attacker to raise privileges to root and probably result in code execution.
Whereas there isn’t a proof that any of the aforementioned vulnerabilities have been exploited within the wild, it is important that customers take steps to use the newest fixes as quickly as attainable.
Essential Flaw in Aviatrix Controller Detailed
The updates additionally come as Polish cybersecurity firm Securing detailed a most severity safety flaw impacting Aviatrix Controller (CVE-2024-50603, CVSS rating: 10.0) that might be exploited to acquire arbitrary code execution. It impacts variations 7.x by way of 7.2.4820.
The flaw, which is rooted in the truth that sure code segments in an API endpoint don’t sanitize user-supplied parameters (“list_flightpath_destination_instances” and “flightpath_connection_test”), has been addressed in variations 7.1.4191 or 7.2.4996.
“As a result of improper neutralization of particular components utilized in an OS command, an unauthenticated attacker is ready to remotely execute arbitrary code,” safety researcher Jakub Korepta stated.
#Main #Vulnerabilities #Patched #SonicWall #Palo #Alto #Expedition #Aviatrix #Controllers
Azeem Rajpoot, the author behind This Blog, is a passionate tech enthusiast with a keen interest in exploring and sharing insights about the rapidly evolving world of technology.
With a background in Blogging, Azeem Rajpoot brings a unique perspective to the blog, offering in-depth analyses, reviews, and thought-provoking articles. Committed to making technology accessible to all, Azeem strives to deliver content that not only keeps readers informed about the latest trends but also sparks curiosity and discussions.
Follow Azeem on this exciting tech journey to stay updated and inspired.