The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding active exploitation of two critical vulnerabilities in Palo Alto Networks' Expedition software, identified as CVE-2024-9463 (OS Command Injection, CVSS 9.9) and CVE-2024-9465 (SQL Injection, CVSS 9.3). Exploitation allows unauthenticated attackers to execute root-level commands or access sensitive data, including usernames, passwords, device configurations, and API keys for PAN-OS firewalls. Palo Alto Networks patched these issues in October 2024 and has acknowledged active exploitation reports. Additionally, a recent unauthenticated remote command execution vulnerability affecting firewall management interfaces is being exploited in limited instances, with fixes and threat prevention measures underway.