NA
CVSSv3

CVE-2025-0106

CVSSv4: 6.9 | CVSSv3: NA | CVSSv2: NA | VMScore: 790 | EPSS: 0.00043 | KEV: Not Included
Published: 11/01/2025 Updated: 11/01/2025

Vulnerability Summary

Unauthenticated Wildcard Expansion File Enumeration in Palo Alto Networks Expedition

Palo Alto Networks Expedition has a wildcard expansion vulnerability. An unauthenticated attacker can use this to list files on the host filesystem.

Solution

This issue is fixed in Expedition 1.2.101 and all later versions* of Expedition.

* Expedition reached its End of Life (EoL) date https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642 and is no longer supported. We added these fixes prior to the EoL date and we do not plan to make any additional updates or security fixes. Please use the suggested alternatives listed in the Expedition End of Life Announcement https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642 .
Vulnerable Product Search on Vulmon Subscribe to Product

palo alto networks cloud ngfw

palo alto networks expedition

palo alto networks panorama

palo alto networks pan-os

palo alto networks prisma access