SQL Injection in Palo Alto Networks Cloud NGFW
CVE-2025-0103
An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability al…
Vulnerability class: SQL Injection
EPSS: 0.006 (44.0th percentile)
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Palo Alto Networks Cloud NGFW — versions All
- Palo Alto Networks Expedition — versions 1
- Palo Alto Networks Panorama — versions All
- Palo Alto Networks PAN-OS — versions All
- Palo Alto Networks Prisma Access — versions All
- Paloaltonetworks Expedition
Weakness classification (CWE)
References
- psirt@paloaltonetworks.com (vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2025-0103?
  CVE-2025-0103 is a high-severity vulnerability in Palo Alto Networks Cloud NGFW, classified under SQL Injection. CVSS score: 8.8/10. Published 2025-01-11.
- How severe is CVE-2025-0103?
  High severity. CVSS v3 base score is 8.8 out of 10.