{"vulnerability": "CVE-2025-0107", "sightings": [{"uuid": "ae7b115a-e2d4-4bfd-80ef-8a3a8a2a140d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfgqldrizf2k", "content": "", "creation_timestamp": "2025-01-11T03:16:20.811047Z"}, {"uuid": "59c24ac8-e148-449d-b324-32ad30e987a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfgta4okd22i", "content": "", "creation_timestamp": "2025-01-11T04:03:48.506689Z"}, {"uuid": "71b95bfc-22a6-43f8-8b03-94c49c8fe37e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lfydd764ke2u", "content": "", "creation_timestamp": "2025-01-18T03:07:05.035905Z"}, {"uuid": "0c2d41da-28d9-4fb2-8200-2294c1f557cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-0107", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lfykbcs2gs23", "content": "", "creation_timestamp": "2025-01-18T05:11:17.984659Z"}, {"uuid": "f2254806-654b-45a0-9610-88c03b670836", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lg2q6vbupd2t", "content": "", "creation_timestamp": "2025-01-19T02:02:38.114632Z"}, {"uuid": "d07a7f97-d635-448c-8602-c86be6c6a3ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "https://bsky.app/profile/tmjintel.bsky.social/post/3lg3zdoofia2z", "content": "", "creation_timestamp": "2025-01-19T14:19:02.122921Z"}, {"uuid": "3a01d6a6-b500-4531-8936-12fe073fb9d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lgdopndpdd2h", "content": "", "creation_timestamp": "2025-01-22T15:30:11.018485Z"}, {"uuid": "b6662d2d-105a-4ac1-b34d-2658f3347509", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lqingcsaar2s", "content": "", "creation_timestamp": "2025-05-31T21:02:25.543508Z"}, {"uuid": "7c3d8010-fd7c-4489-bd52-df86ba21f787", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-0107.yaml", "content": "", "creation_timestamp": "2025-05-27T13:49:56.000000Z"}, {"uuid": "6a18cf80-c370-43b2-a343-dd1bcc3a8ee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-14)", "content": "", "creation_timestamp": "2026-04-14T00:00:00.000000Z"}, {"uuid": "2fba5421-214f-4b8e-b0c3-f09a04fbec28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-22)", "content": "", "creation_timestamp": "2026-03-22T00:00:00.000000Z"}, {"uuid": "8232a96f-958b-46d5-8bc3-ba996697f5e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-02)", "content": "", "creation_timestamp": "2026-04-02T00:00:00.000000Z"}, {"uuid": "8e374579-09b7-4fd1-98e5-7a66863733e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-10)", "content": "", "creation_timestamp": "2026-02-10T00:00:00.000000Z"}, {"uuid": "7c90d083-24e1-401c-8703-5bada3e82587", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-11)", "content": "", "creation_timestamp": "2026-02-11T00:00:00.000000Z"}, {"uuid": "dcad59e1-49a5-4ad0-b8fd-f20b7ad6500c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-19)", "content": "", "creation_timestamp": "2026-01-19T00:00:00.000000Z"}, {"uuid": "d44ea618-2407-4a2d-9fef-cd350ca2802e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-18)", "content": "", "creation_timestamp": "2026-04-18T00:00:00.000000Z"}, {"uuid": "7c795240-96fc-440e-baca-8c7f4d0092d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-15)", "content": "", "creation_timestamp": "2026-04-15T00:00:00.000000Z"}, {"uuid": "6527bc50-327a-4ff7-af52-30a7a8cf0ce2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-19)", "content": "", "creation_timestamp": "2026-04-19T00:00:00.000000Z"}, {"uuid": "90560112-1f1b-42a1-b1ea-d604908a896a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1266", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-0107\n\ud83d\udd39 Description: An OS command injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.\n\ud83d\udccf Published: 2025-01-11T03:02:49.517Z\n\ud83d\udccf Modified: 2025-01-11T03:02:49.517Z\n\ud83d\udd17 References:\n1. https://security.paloaltonetworks.com/PAN-SA-2025-0001", "creation_timestamp": "2025-01-11T04:03:58.000000Z"}, {"uuid": "e6f0cfef-801a-4fd7-a608-b2f42c924d86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "published-proof-of-concept", "source": "https://t.me/hackingbra/240", "content": "1. CVE-2025-0107:\nPalo Alto Expedition Tool OS Command Injection\nhttps://ssd-disclosure.com/ssd-advisory-palo-alto-expedition-rce-regionsdiscovery\n\n2. CVE-2025-22710:\nhttps://github.com/DoTTak/CVE-2025-22710\n\n3. Yubico PAM Module Vulnerability (CVE-2025-23013): A Deep Dive into Authentication Bypass in Certain Configurations\nhttps://cybersrcc.com/2025/01/18/yubico-pam-module-vulnerability-cve-2025-23013-a-deep-dive-into-authentication-bypass-in-certain-configurations", "creation_timestamp": "2025-01-21T03:14:24.000000Z"}, {"uuid": "37eeb9db-e016-4a75-86ac-91b1da05b9bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "https://t.me/cvedetector/15024", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-0107 - Palo Alto Networks Expedition Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-0107 \nPublished : Jan. 11, 2025, 3:15 a.m. | 28\u00a0minutes ago \nDescription : An OS command injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-11T04:53:15.000000Z"}, {"uuid": "e528d42d-3f2c-4aa1-a5cb-bc471fcb8e05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/11712", "content": "#exploit\n1. CVE-2025-0107:\nPalo Alto Expedition Tool OS Command Injection\n\n2. CVE-2025-22710:\nWP WooCommerce SQLI\n\n3. CVE-2025-23013:\nYubico PAM Module Authentication Bypass in Certain Configurations", "creation_timestamp": "2025-01-21T17:53:47.000000Z"}, {"uuid": "7ad4dd5c-f465-4805-b3d5-fee7cab24d59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "published-proof-of-concept", "source": "https://t.me/ckeArsenal/368", "content": "https://ssd-disclosure.com/ssd-advisory-palo-alto-expedition-rce-regionsdiscovery/\n\nCVE-2025-0107\n#exploit", "creation_timestamp": "2025-01-21T16:16:14.000000Z"}, {"uuid": "0a8ae4dc-26f5-4f50-ba7d-c6bd66941179", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-0107", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-04)", "content": "", "creation_timestamp": "2026-05-04T00:00:00.000000Z"}]}