CVE-2025-0104

CVSSv4: 7 | CVSSv3: NA | CVSSv2: NA | VMScore: 800 | EPSS: 0.00043 | KEV: Not Included
Published: 11/01/2025 Updated: 11/01/2025

Vulnerability Summary

Reflected XSS Vulnerability in Palo Alto Networks Expedition

A reflected cross-site scripting (XSS) vulnerability exists in Palo Alto Networks Expedition. Attackers can run harmful JavaScript code in the browser of a user who is logged into Expedition if that user clicks on a harmful link. This can result in phishing attacks and the theft of the Expedition browser session.

Solution

This issue is fixed in Expedition 1.2.100 and all later versions* of Expedition.

* Expedition reached its End of Life (EoL) date (https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642) and is no longer supported. We added these fixes prior to the EoL date and we do not plan to make any additional updates or security fixes. Please use the suggested alternatives listed in the Expedition End of Life Announcement (https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642).

Vulnerable Product

palo alto networks cloud ngfw

palo alto networks expedition

palo alto networks panorama

palo alto networks pan-os

palo alto networks prisma access