Primary

Context

Palo Alto Networks Expedition Arbitrary File Deletion Vulnerability

Vulnerability

Patched

A vulnerability allowing arbitrary file deletion has been identified in Palo Alto Networks Expedition. This issue enables an unauthenticated attacker to delete files accessible to the www-data user on the host filesystem. Expedition is a migration tool that has reached its End of Life, with no further updates or security fixes planned.

Impact

Exploitation of this vulnerability allows for the deletion of arbitrary files on the host filesystem, potentially leading to disruption of services or loss of important data.

Remediation

Users are advised to update to Expedition version 1.2.101, the last available version before the tool's End of Life. If Expedition is not actively in use, it should be uninstalled or the software should be shut down.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

7.0

remediation

8.3

relevance

0.0

threat

0.1

urgency

1.4

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

7.0

remediation

8.3

relevance

0.0

threat

0.1

urgency

1.4

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Palo Alto Networks Expedition Arbitrary File Deletion Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Palo Alto Networks Expedition

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating