CVE Alert

CVE-2024-5910

UNKNOWN 0.0 ⚠️ CISA KEV

Expedition: Missing Authentication Leads to Admin Account Takeover

CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition are at risk due to this issue.

CWE CWE-306
Vendor Palo Alto Networks
Product Expedition
Published Jul 10, 2024
Last Updated Oct 21, 2025
⚠️ Actively Exploited


This vulnerability is actively exploited in the wild.


Affected Versions

Palo Alto Networks / Expedition
1.2 < 1.2.92

References

security.paloaltonetworks.com: https://security.paloaltonetworks.com/CVE-2024-5910
cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-5910
horizon3.ai: https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise

Credits

Brian Hysell (Synopsys CyRC)