The addressed vulnerabilities could allow the remote attacker to conduct reflected XSS attacks by executing malicious JavaScript code in the context on the affected systems, and obtain sensitive information revealing Expedition database contents, such as password hashes, usernames, device configurations, and device API keys.

Sample of the addressed vulnerabilities:

Palo Alto Networks Expedition SQL injection Vulnerability (CVE-2025-0103):

• CVSS v4.0: 7.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Consequences: Obtain Information

It should be highlighted that Expedition is designed to only be used temporarily for migration purposes, not to be run in production. Additionally, Expedition reached its End of Life (EOL) date on December 31, 2024.