Cyber Resilience

CVE-2025-0103

Critical

Published: 11 January 2025

Modified: 23 January 2026
CVSS Score v4: 9.2 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber)
EPSS Score: 0.0062 (70.4th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0103 is a critical-severity SQL Injection (CWE-89) vulnerability in Palo Alto Networks Expedition. Its CVSS base score is 9.2 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 29.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-0103 is an SQL injection vulnerability (CWE-89) in Palo Alto Networks Expedition. Published on 2025-01-11, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and affects the Expedition management tool.

An authenticated attacker with network access and low-privilege user rights can exploit this vulnerability to reveal sensitive Expedition database contents, including password hashes, usernames, device configurations, and device API keys. The flaw also allows attackers to create and read arbitrary files on the Expedition system, potentially leading to full compromise.

The Palo Alto Networks security advisory PAN-SA-2025-0001 at https://security.paloaltonetworks.com/PAN-SA-2025-0001 provides details on mitigation and patching.

Vulnerability details

An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1213.006 · Databases · Collection
Adversaries may leverage databases to mine valuable information.
T1005 · Data from Local System · Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1552.001 · Credentials In Files · Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

SQL injection directly enables exploitation of the public-facing management app (T1190), extraction of DB contents like hashes/keys (T1213.006 and T1552.001), and arbitrary file read (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-0107 · Same product: Palo Alto Networks Expedition
CVE-2025-0105 · Same product: Palo Alto Networks Expedition
CVE-2025-0111 · Same vendor: Palo Alto Networks
CVE-2025-0108 · Same vendor: Palo Alto Networks
CVE-2025-25257 · Shared CWE-89
CVE-2018-25187 · Shared CWE-89
CVE-2025-24368 · Shared CWE-89
CVE-2019-25537 · Shared CWE-89
CVE-2019-25366 · Shared CWE-89
CVE-2019-25496 · Shared CWE-89

Affected Assets

paloaltonetworks · expedition · ≤ 1.2.101

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents SQL injection attacks like CVE-2025-0103 by validating and sanitizing all inputs to inhibit malicious code execution in database queries.

prevent

Requires identification, reporting, and correction of flaws such as the SQL injection vulnerability in Palo Alto Networks Expedition via timely patching.

detect

Monitors for unauthorized disclosure of sensitive database contents, including password hashes and API keys, enabled by this SQL injection vulnerability.
