Palo Alto Networks has released software updates to remediate multiple security vulnerabilities in its Expedition migration tool, including one critical flaw that could give authenticated attackers unauthorized access to sensitive information.
In an advisory, Palo Alto Networks noted that the vulnerabilities enable attackers to read data from the Expedition database, including usernames, passwords, and device configurations. These issues arise from various security weaknesses:
- CVE-2025-0103 (CVSS score: 7.8): An SQL injection vulnerability that allows disclosure of database contents and the creation and reading of arbitrary files.
- CVE-2025-0104 (CVSS score: 4.7): A reflected cross-site scripting (XSS) vulnerability that could let attackers execute harmful JavaScript in an authenticated user’s browser.
- CVE-2025-0105 (CVSS score: 2.7): A vulnerability that allows unauthenticated attackers to delete arbitrary files accessible to the www-data user on the host file system.
- CVE-2025-0106 (CVSS score: 2.7): A vulnerability that allows unauthenticated attackers to enumerate files on the host file system.
- CVE-2025-0107 (CVSS score: 2.3): An OS command injection vulnerability allowing an authenticated attacker to execute arbitrary commands.
These vulnerabilities have been patched in versions 1.2.100 and 1.2.101 of the Expedition tool. However, Palo Alto Networks has indicated that it will not provide further updates or patches for Expedition, as the tool reached end-of-life on December 31, 2024. Users should restrict network access to authorized users only, or shut the service down if it is no longer in use.
In a related development, SonicWall has also released patches for multiple security flaws in its SonicOS. Two significant vulnerabilities include:
- CVE-2024-53704 (CVSS score: 8.2): An authentication bypass issue in the SSLVPN authentication process.
- CVE-2024-53706 (CVSS score: 7.8): A local low-privileged attacker may escalate privileges on the Gen7 SonicOS Cloud platform, potentially leading to code execution.
Although there are currently no indications that these vulnerabilities have been exploited in the wild, users are urged to apply the latest patches promptly.
Further highlighting the urgency of security updates, Securing has reported a critical vulnerability in the Aviatrix Controller (CVE-2024-50603, CVSS score: 10.0). The flaw allows unauthenticated attackers to execute arbitrary code remotely and affects versions 7.x through 7.2.4820. It stems from a failure to sanitize user-supplied parameters in an API endpoint. The issue has been addressed in versions 7.1.4191 and 7.2.4996.
With new vulnerabilities in security tools emerging continuously, keeping systems up to date is critical to thwarting potential attacks.