What is CVE-2025-0107?

CVE-2025-0107 is a vulnerability in Palo Alto Networks Cloud Ngfw, classified under OS Command Injection. Published 2025-01-11.

Is CVE-2025-0107 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Palo Alto Networks Cloud Ngfw

CVE-2025-0107

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.816 (99.2th percentile) — read the EPSS interpretation.

Affected products

Palo Alto Networks Cloud Ngfw — versions All
Palo Alto Networks Expedition — versions 1
Palo Alto Networks Panorama — versions All
Palo Alto Networks Pan-os — versions All
Palo Alto Networks Prisma Access — versions All

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

References

security.paloaltonetworks.com/PAN-SA-2025-0001 (vendor-advisory)

Frequently asked questions

What is CVE-2025-0107?: CVE-2025-0107 is a vulnerability in Palo Alto Networks Cloud Ngfw, classified under OS Command Injection. Published 2025-01-11.
Is CVE-2025-0107 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.