CVE-2025-0104

A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious link that allows phishing attacks and could lead to Expedition browser-session theft.

Credits

Mesut Cetin of RedTeamer IT Security
Advanced Research Team, CrowdStrike

References