Vulnerabilities related to Palo Alto Networks - Cortex XDR Broker VM
CVE-2025-0119 (GCVE-0-2025-0119)
Vulnerability from cvelistv5
Published
2025-04-11 17:37
Modified
2025-04-11 19:00
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
A command injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary OS commands with root privileges on the host operating system running Broker VM.
References
URL | Tags |
---|---|
https://security.paloaltonetworks.com/CVE-2025-0119 | vendor-advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
Palo Alto Networks | Cortex XDR Broker VM | Version: 1.0.0 < 26.100.3 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-0119", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-11T19:00:41.272635Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-11T19:00:51.084Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Cortex XDR Broker VM", "vendor": "Palo Alto Networks", "versions": [ { "changes": [ { "at": "26.100.3", "status": "unaffected" } ], "lessThan": "26.100.3", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "No special configuration is required to be affected by this issue." } ], "value": "No special configuration is required to be affected by this issue." } ], "credits": [ { "lang": "en", "type": "finder", "value": "Bartosz Cha\u0142ek" }, { "lang": "en", "type": "finder", "value": "Piotr Kozowicz of CERT Team of ING Bank Slaski" } ], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A command injection vulnerability\u0026nbsp;in the Palo Alto Networks Cortex XDR\u00ae Broker VM\u0026nbsp;allows an authenticated user to execute arbitrary OS commands with root privileges on the host operating system running Broker VM." } ], "value": "A command injection vulnerability\u00a0in the Palo Alto Networks Cortex XDR\u00ae Broker VM\u00a0allows an authenticated user to execute arbitrary OS commands with root privileges on the host operating system running Broker VM." 
} ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." } ], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." } ], "impacts": [ { "capecId": "CAPEC-242", "descriptions": [ { "lang": "en", "value": "CAPEC-242 Code Injection" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.3, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-11T17:37:54.484Z", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://security.paloaltonetworks.com/CVE-2025-0119" } ], "solutions": [ { "lang": "eng", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue is fixed in Broker VM 26.100.3 and all later Broker VM versions. If you enabled automatic upgrades for Broker VM, then no action is required at this time. 
If you did not enable automatic upgrades, then we recommend that you do so for Broker VM to ensure that you always have the latest security patches installed in your software." } ], "value": "This issue is fixed in Broker VM 26.100.3 and all later Broker VM versions. If you enabled automatic upgrades for Broker VM, then no action is required at this time. If you did not enable automatic upgrades, then we recommend that you do so for Broker VM to ensure that you always have the latest security patches installed in your software." } ], "source": { "defect": [ "CRTX-105746", "CRTX-147814" ], "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Cortex XDR Broker VM: Authenticated Command Injection Vulnerability in Broker VM", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds or mitigations for this issue." } ], "value": "There are no known workarounds or mitigations for this issue." } ], "x_affectedList": [ "Cortex XDR Broker VM 26.100.0", "Cortex XDR Broker VM 26.100.1", "Cortex XDR Broker VM 26.100.2" ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2025-0119", "datePublished": "2025-04-11T17:37:54.484Z", "dateReserved": "2024-12-20T23:23:20.523Z", "dateUpdated": "2025-04-11T19:00:51.084Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-0132 (GCVE-0-2025-0132)
Vulnerability from cvelistv5
Published
2025-05-14 18:07
Modified
2025-05-14 20:51
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM.
The attacker must have network access to the Broker VM to exploit this issue.
References
URL | Tags |
---|---|
https://security.paloaltonetworks.com/CVE-2025-0132 | vendor-advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
Palo Alto Networks | Cortex XDR Broker VM | Version: 26.0.0 < 26.0.119 cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.100.10:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.100.3:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.0.119:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.0.116:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:25.100.4:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:25.0.44:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.100.4:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.4.7:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.2.8:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.5.1:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.100.2:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.0.35:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.0.33:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:22.0.35:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:22.0.32:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:21.5.4:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:20.9.1:*:*:*:*:*:*:* |
Note: the CPE list above includes releases outside the stated 26.0.0 < 26.0.119 range, among them 26.0.119 itself, which the record marks as unaffected. Matching assets on these CPEs alone can over-report; confirm the affected versions against the vendor advisory.
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-0132", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-14T20:51:30.365291Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-14T20:51:36.216Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.100.10:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.100.3:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.0.119:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.0.116:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:25.100.4:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:25.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.100.4:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.100.2:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:22.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:22.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:21.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:20.9.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Cortex XDR Broker VM", "vendor": "Palo Alto Networks", "versions": [ { "changes": [ { "at": "26.0.119", "status": "unaffected" } ], "lessThan": "26.0.119", "status": "affected", 
"version": "26.0.0", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "No special configuration is required to be affected by this issue." } ], "value": "No special configuration is required to be affected by this issue." } ], "credits": [ { "lang": "en", "type": "finder", "value": "Bartosz Cha\u0142ek" }, { "lang": "en", "type": "finder", "value": "Piotr Kozowicz of CERT Team of ING Bank Slaski" } ], "datePublic": "2025-05-14T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A missing authentication vulnerability in Palo Alto Networks Cortex XDR\u00ae Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThe attacker must have network access to the Broker VM to exploit this issue." } ], "value": "A missing authentication vulnerability in Palo Alto Networks Cortex XDR\u00ae Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM.\u00a0\n\nThe attacker must have network access to the Broker VM to exploit this issue." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." } ], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." 
} ], "impacts": [ { "capecId": "CAPEC-36", "descriptions": [ { "lang": "en", "value": "CAPEC-36 Using Unpublished APIs" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-14T18:07:15.351Z", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://security.paloaltonetworks.com/CVE-2025-0132" } ], "solutions": [ { "lang": "eng", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue is fixed in Cortex XDR Broker VM 26.0.119, and all later Cortex XDR Broker VM versions.\u003cbr\u003e\u003cul\u003e\u003cli\u003eIf you enabled automatic upgrades for Broker VM, then no action is required at this time.\u0026nbsp;\u003c/li\u003e\u003cli\u003eIf you did not enable automatic upgrades, then we recommend that you do so for Broker VM to ensure that you always have the latest security patches installed in your software.\u003c/li\u003e\u003c/ul\u003e" } ], "value": "This issue is fixed in Cortex XDR Broker VM 26.0.119, and all 
later Cortex XDR Broker VM versions.\n * If you enabled automatic upgrades for Broker VM, then no action is required at this time.\u00a0\n * If you did not enable automatic upgrades, then we recommend that you do so for Broker VM to ensure that you always have the latest security patches installed in your software." } ], "source": { "defect": [ "CRTX-147815" ], "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2025-05-14T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Cortex XDR Broker VM: Unauthenticated User Can Disable Internal Services", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "No known workarounds or mitigations exist for this issue." } ], "value": "No known workarounds or mitigations exist for this issue." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2025-0132", "datePublished": "2025-05-14T18:07:15.351Z", "dateReserved": "2024-12-20T23:23:32.897Z", "dateUpdated": "2025-05-14T20:51:36.216Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-0113 (GCVE-0-2025-0113)
Vulnerability from cvelistv5
Published
2025-02-12 21:05
Modified
2025-04-09 16:16
CWE
- CWE-424 - Improper Protection of Alternate Path
Summary
A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server.
References
URL | Tags |
---|---|
https://security.paloaltonetworks.com/CVE-2025-0113 | vendor-advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
Palo Alto Networks | Cortex XDR Broker VM | Version: 1.0.0 < 26.0.116 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-0113", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-12T21:20:51.871975Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T21:22:17.666Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Cortex XDR Broker VM", "vendor": "Palo Alto Networks", "versions": [ { "changes": [ { "at": "26.0.116", "status": "unaffected" } ], "lessThan": "26.0.116", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "No special configuration is required to be affected by this issue." } ], "value": "No special configuration is required to be affected by this issue." } ], "credits": [ { "lang": "en", "type": "finder", "value": "Julian Imper at Netcloud AG" } ], "datePublic": "2025-02-12T17:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server." } ], "value": "A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server." 
} ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." } ], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." } ], "impacts": [ { "capecId": "CAPEC-629", "descriptions": [ { "lang": "en", "value": "CAPEC-629 Unauthorized Use of Device Resources" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "PHYSICAL", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-424", "description": "CWE-424: Improper Protection of Alternate Path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-09T16:16:48.152Z", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://security.paloaltonetworks.com/CVE-2025-0113" } ], "solutions": [ { "lang": "eng", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue is fixed in Broker VM 26.0.116, and all later Broker VM versions.\u0026nbsp;If you have enabled automatic upgrades for Broker VM, no action is needed. 
If you do not, we recommend that you enable automatic upgrades for Broker VM to ensure that you always have the latest security patches installed." } ], "value": "This issue is fixed in Broker VM 26.0.116, and all later Broker VM versions.\u00a0If you have enabled automatic upgrades for Broker VM, no action is needed. If you do not, we recommend that you enable automatic upgrades for Broker VM to ensure that you always have the latest security patches installed." } ], "source": { "defect": [ "CRTX-123680" ], "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2025-02-12T17:00:00.000Z", "value": "Initial Publication" } ], "title": "Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds or mitigations for this issue." } ], "value": "There are no known workarounds or mitigations for this issue." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2025-0113", "datePublished": "2025-02-12T21:05:08.795Z", "dateReserved": "2024-12-20T23:23:14.923Z", "dateUpdated": "2025-04-09T16:16:48.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-4228 (GCVE-0-2025-4228)
Vulnerability from cvelistv5
Published
2025-06-12 23:41
Modified
2025-06-14 03:56
CWE
- CWE-266 - Incorrect Privilege Assignment
Summary
An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex® XDR Broker VM allows an authenticated administrative user to execute certain files available within the Broker VM and escalate their privileges to root.
References
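URL | Tags |
---|---|
https://security.paloaltonetworks.com/CVE-2025-4228 | vendor-advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
Palo Alto Networks | Cortex XDR Broker VM | Version: 27.0.0 < 27.0.26 |
Note: the `x_affectedList` field in the record below enumerates Broker VM 26.0.0 through 26.0.118 rather than 27.0.x builds, which does not match this range; confirm the affected versions against the vendor advisory before scoping remediation.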
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-4228", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-06-13T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-14T03:56:20.140Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Cortex XDR Broker VM", "vendor": "Palo Alto Networks", "versions": [ { "changes": [ { "at": "27.0.26", "status": "unaffected" } ], "lessThan": "27.0.26", "status": "affected", "version": "27.0.0", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eNo special configuration is required to be affected by this issue.\u003c/p\u003e" } ], "value": "No special configuration is required to be affected by this issue." } ], "credits": [ { "lang": "en", "type": "finder", "value": "This issue was discovered during an internal penetration test" } ], "datePublic": "2025-06-11T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex\u00ae XDR Broker VM allows an authenticated administrative user to execute certain files available within the Broker VM and escalate their privileges to root." } ], "value": "An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex\u00ae XDR Broker VM allows an authenticated administrative user to execute certain files available within the Broker VM and escalate their privileges to root." 
} ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." } ], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 4.6, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-12T23:41:37.071Z", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://security.paloaltonetworks.com/CVE-2025-4228" } ], "solutions": [ { "lang": "eng", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThis issue is fixed in Cortex XDR Broker VM 27.0.26, and all later Cortex XDR Broker VM versions.\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIf you enabled automatic upgrades for Broker VM, then no action is required at this time. 
\u003c/li\u003e\u003cli\u003eIf you did not enable automatic upgrades, then we recommend that you do so for Broker VM to ensure that you always have the latest security patches installed in your software.\u003c/li\u003e\u003c/ul\u003e" } ], "value": "This issue is fixed in Cortex XDR Broker VM 27.0.26, and all later Cortex XDR Broker VM versions.\n\n\n * If you enabled automatic upgrades for Broker VM, then no action is required at this time. \n * If you did not enable automatic upgrades, then we recommend that you do so for Broker VM to ensure that you always have the latest security patches installed in your software." } ], "source": { "defect": [ "CRTX-101363", "CRTX-101771" ], "discovery": "INTERNAL" }, "timeline": [ { "lang": "en", "time": "2025-06-11T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eNo known workarounds or mitigations exist for this issue.\u003c/p\u003e" } ], "value": "No known workarounds or mitigations exist for this issue." 
} ], "x_affectedList": [ "Cortex XDR Broker VM 26.0.0", "Cortex XDR Broker VM 26.0.1", "Cortex XDR Broker VM 26.0.2", "Cortex XDR Broker VM 26.0.3", "Cortex XDR Broker VM 26.0.4", "Cortex XDR Broker VM 26.0.5", "Cortex XDR Broker VM 26.0.6", "Cortex XDR Broker VM 26.0.7", "Cortex XDR Broker VM 26.0.8", "Cortex XDR Broker VM 26.0.9", "Cortex XDR Broker VM 26.0.10", "Cortex XDR Broker VM 26.0.11", "Cortex XDR Broker VM 26.0.12", "Cortex XDR Broker VM 26.0.13", "Cortex XDR Broker VM 26.0.14", "Cortex XDR Broker VM 26.0.15", "Cortex XDR Broker VM 26.0.16", "Cortex XDR Broker VM 26.0.17", "Cortex XDR Broker VM 26.0.18", "Cortex XDR Broker VM 26.0.19", "Cortex XDR Broker VM 26.0.20", "Cortex XDR Broker VM 26.0.21", "Cortex XDR Broker VM 26.0.22", "Cortex XDR Broker VM 26.0.23", "Cortex XDR Broker VM 26.0.24", "Cortex XDR Broker VM 26.0.25", "Cortex XDR Broker VM 26.0.26", "Cortex XDR Broker VM 26.0.27", "Cortex XDR Broker VM 26.0.28", "Cortex XDR Broker VM 26.0.29", "Cortex XDR Broker VM 26.0.30", "Cortex XDR Broker VM 26.0.31", "Cortex XDR Broker VM 26.0.32", "Cortex XDR Broker VM 26.0.33", "Cortex XDR Broker VM 26.0.34", "Cortex XDR Broker VM 26.0.35", "Cortex XDR Broker VM 26.0.36", "Cortex XDR Broker VM 26.0.37", "Cortex XDR Broker VM 26.0.38", "Cortex XDR Broker VM 26.0.39", "Cortex XDR Broker VM 26.0.40", "Cortex XDR Broker VM 26.0.41", "Cortex XDR Broker VM 26.0.42", "Cortex XDR Broker VM 26.0.43", "Cortex XDR Broker VM 26.0.44", "Cortex XDR Broker VM 26.0.45", "Cortex XDR Broker VM 26.0.46", "Cortex XDR Broker VM 26.0.47", "Cortex XDR Broker VM 26.0.48", "Cortex XDR Broker VM 26.0.49", "Cortex XDR Broker VM 26.0.50", "Cortex XDR Broker VM 26.0.51", "Cortex XDR Broker VM 26.0.52", "Cortex XDR Broker VM 26.0.53", "Cortex XDR Broker VM 26.0.54", "Cortex XDR Broker VM 26.0.55", "Cortex XDR Broker VM 26.0.56", "Cortex XDR Broker VM 26.0.57", "Cortex XDR Broker VM 26.0.58", "Cortex XDR Broker VM 26.0.59", "Cortex XDR Broker VM 26.0.60", "Cortex XDR Broker VM 26.0.61", 
"Cortex XDR Broker VM 26.0.62", "Cortex XDR Broker VM 26.0.63", "Cortex XDR Broker VM 26.0.64", "Cortex XDR Broker VM 26.0.65", "Cortex XDR Broker VM 26.0.66", "Cortex XDR Broker VM 26.0.67", "Cortex XDR Broker VM 26.0.68", "Cortex XDR Broker VM 26.0.69", "Cortex XDR Broker VM 26.0.70", "Cortex XDR Broker VM 26.0.71", "Cortex XDR Broker VM 26.0.72", "Cortex XDR Broker VM 26.0.73", "Cortex XDR Broker VM 26.0.74", "Cortex XDR Broker VM 26.0.75", "Cortex XDR Broker VM 26.0.76", "Cortex XDR Broker VM 26.0.77", "Cortex XDR Broker VM 26.0.78", "Cortex XDR Broker VM 26.0.79", "Cortex XDR Broker VM 26.0.80", "Cortex XDR Broker VM 26.0.81", "Cortex XDR Broker VM 26.0.82", "Cortex XDR Broker VM 26.0.83", "Cortex XDR Broker VM 26.0.84", "Cortex XDR Broker VM 26.0.85", "Cortex XDR Broker VM 26.0.86", "Cortex XDR Broker VM 26.0.87", "Cortex XDR Broker VM 26.0.88", "Cortex XDR Broker VM 26.0.89", "Cortex XDR Broker VM 26.0.90", "Cortex XDR Broker VM 26.0.91", "Cortex XDR Broker VM 26.0.92", "Cortex XDR Broker VM 26.0.93", "Cortex XDR Broker VM 26.0.94", "Cortex XDR Broker VM 26.0.95", "Cortex XDR Broker VM 26.0.96", "Cortex XDR Broker VM 26.0.97", "Cortex XDR Broker VM 26.0.98", "Cortex XDR Broker VM 26.0.99", "Cortex XDR Broker VM 26.0.100", "Cortex XDR Broker VM 26.0.101", "Cortex XDR Broker VM 26.0.102", "Cortex XDR Broker VM 26.0.103", "Cortex XDR Broker VM 26.0.104", "Cortex XDR Broker VM 26.0.105", "Cortex XDR Broker VM 26.0.106", "Cortex XDR Broker VM 26.0.107", "Cortex XDR Broker VM 26.0.108", "Cortex XDR Broker VM 26.0.109", "Cortex XDR Broker VM 26.0.110", "Cortex XDR Broker VM 26.0.111", "Cortex XDR Broker VM 26.0.112", "Cortex XDR Broker VM 26.0.113", "Cortex XDR Broker VM 26.0.114", "Cortex XDR Broker VM 26.0.115", "Cortex XDR Broker VM 26.0.116", "Cortex XDR Broker VM 26.0.117", "Cortex XDR Broker VM 26.0.118" ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": 
"palo_alto", "cveId": "CVE-2025-4228", "datePublished": "2025-06-12T23:41:37.071Z", "dateReserved": "2025-05-02T19:10:41.205Z", "dateUpdated": "2025-06-14T03:56:20.140Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-2184 (GCVE-0-2025-2184)
Vulnerability from cvelistv5
Published
2025-08-13 17:05
Modified
2025-08-13 20:33
CWE
- CWE-1392 - Use of Default Credentials
Summary
A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations.
The attacker must have network access to the Broker VM to exploit this issue.
References
URL | Tags |
---|---|
https://security.paloaltonetworks.com/CVE-2025-2184 | vendor-advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
Palo Alto Networks | Cortex XDR Broker VM | Version: 28.0.0 < 28.0.52 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-2184", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-08-13T20:33:30.348557Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-08-13T20:33:40.634Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Cortex XDR Broker VM", "vendor": "Palo Alto Networks", "versions": [ { "changes": [ { "at": "28.0.52", "status": "unaffected" } ], "lessThan": "28.0.52", "status": "affected", "version": "28.0.0", "versionType": "custom" } ] } ], "configurations": [ { "lang": "eng", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "No special configuration is required to be affected by this issue." } ], "value": "No special configuration is required to be affected by this issue." } ], "credits": [ { "lang": "en", "type": "finder", "value": "This issue was discovered during an internal penetration test." } ], "datePublic": "2025-08-13T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A credential management flaw in Palo Alto Networks Cortex XDR\u00ae Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations.\u003cbr\u003e\u003cbr\u003eThe attacker must have network access to the Broker VM to exploit this issue." } ], "value": "A credential management flaw in Palo Alto Networks Cortex XDR\u00ae Broker VM causes different Broker VM images to share identical default credentials for internal services. 
Users knowing these default credentials could access internal services on other Broker VM installations.\n\nThe attacker must have network access to the Broker VM to exploit this issue." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." } ], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." } ], "impacts": [ { "capecId": "CAPEC-114", "descriptions": [ { "lang": "en", "value": "CAPEC-114 Authentication Abuse" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "PHYSICAL", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1392", "description": "CWE-1392: Use of Default Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-13T17:05:30.544Z", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://security.paloaltonetworks.com/CVE-2025-2184" } ], "solutions": [ { "lang": "eng", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eIf automatic upgrades are enabled for Broker VM, then no action is required at this 
time.\u003cbr\u003e\u003c/p\u003e\u003cb\u003e\u003c/b\u003e\u003cp\u003eIf automatic upgrades are not enabled for Broker VM, then we recommend that you do so to ensure that you always have the latest security patches installed in your software.\u003c/p\u003e" } ], "value": "If automatic upgrades are enabled for Broker VM, then no action is required at this time.\n\n\nIf automatic upgrades are not enabled for Broker VM, then we recommend that you do so to ensure that you always have the latest security patches installed in your software." } ], "source": { "defect": [ "CRTX-104867" ], "discovery": "INTERNAL" }, "timeline": [ { "lang": "en", "time": "2025-08-13T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Cortex XDR Broker VM: Secrets Shared Across Multiple Broker VM Images", "workarounds": [ { "lang": "eng", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "No known workarounds exist for this issue." } ], "value": "No known workarounds exist for this issue." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2025-2184", "datePublished": "2025-08-13T17:05:30.544Z", "dateReserved": "2025-03-10T17:56:27.007Z", "dateUpdated": "2025-08-13T20:33:40.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-0134 (GCVE-0-2025-0134)
Vulnerability from cvelistv5
Published
2025-05-14 18:07
Modified
2025-05-15 04:02
Severity: 6.5 (MEDIUM), CVSS v4.0 base score as given in the CNA metrics of the record below
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM.
References
URL | Tags |
---|---|
https://security.paloaltonetworks.com/CVE-2025-0134 | vendor-advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
Palo Alto Networks | Cortex XDR Broker VM | Version: 26.0.0 < 26.0.119 cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.100.10:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.100.3:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.0.119:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.0.116:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:25.100.4:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:25.0.44:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.100.4:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.4.7:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.2.8:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.5.1:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.100.2:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.0.35:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.0.33:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:22.0.35:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:22.0.32:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:21.5.4:*:*:*:*:*:*:* cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:20.9.1:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-0134", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-05-14T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-15T04:02:09.561Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.100.10:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.100.3:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.0.119:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.0.116:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:25.100.4:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:25.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.100.4:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.100.2:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:22.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:22.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:21.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:20.9.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "Cortex XDR Broker VM", "vendor": "Palo Alto Networks", "versions": [ { "changes": [ { "at": "26.0.119", "status": "unaffected" } ], "lessThan": "26.0.119", "status": "affected", "version": 
"26.0.0", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "No special configuration is required to be affected by this issue." } ], "value": "No special configuration is required to be affected by this issue." } ], "credits": [ { "lang": "en", "type": "finder", "value": "Christiaan van Aken" } ], "datePublic": "2025-05-14T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A code injection vulnerability in the Palo Alto Networks Cortex XDR\u00ae Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM." } ], "value": "A code injection vulnerability in the Palo Alto Networks Cortex XDR\u00ae Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." } ], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." 
} ], "impacts": [ { "capecId": "CAPEC-242", "descriptions": [ { "lang": "en", "value": "CAPEC-242 Code Injection" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NO", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.5, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/S:N/AU:N/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-14T18:07:54.706Z", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://security.paloaltonetworks.com/CVE-2025-0134" } ], "solutions": [ { "lang": "eng", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue is fixed in Cortex XDR Broker VM 26.0.119, and all later Cortex XDR Broker VM versions. 
\u003cbr\u003e\u003cul\u003e\u003cli\u003eIf you enabled automatic upgrades for Broker VM, then no action is required at this time.\u003c/li\u003e\u003cli\u003eIf you did not enable automatic upgrades, then we recommend you do so for Broker VM to ensure that you always have the latest security patches installed in your software.\u003c/li\u003e\u003c/ul\u003e" } ], "value": "This issue is fixed in Cortex XDR Broker VM 26.0.119, and all later Cortex XDR Broker VM versions. \n * If you enabled automatic upgrades for Broker VM, then no action is required at this time.\n * If you did not enable automatic upgrades, then we recommend you do so for Broker VM to ensure that you always have the latest security patches installed in your software." } ], "source": { "defect": [ "CRTX-105741" ], "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2025-05-14T16:00:00.000Z", "value": "Initial Publication" } ], "title": "Cortex XDR Broker VM: Authenticated Code Injection Vulnerability in Broker VM", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds or mitigations for this issue." } ], "value": "There are no known workarounds or mitigations for this issue." 
} ], "x_affectedList": [ "Cortex XDR Broker VM 26.0.0", "Cortex XDR Broker VM 26.0.1", "Cortex XDR Broker VM 26.0.2", "Cortex XDR Broker VM 26.0.3", "Cortex XDR Broker VM 26.0.4", "Cortex XDR Broker VM 26.0.5", "Cortex XDR Broker VM 26.0.6", "Cortex XDR Broker VM 26.0.7", "Cortex XDR Broker VM 26.0.8", "Cortex XDR Broker VM 26.0.9", "Cortex XDR Broker VM 26.0.10", "Cortex XDR Broker VM 26.0.11", "Cortex XDR Broker VM 26.0.12", "Cortex XDR Broker VM 26.0.13", "Cortex XDR Broker VM 26.0.14", "Cortex XDR Broker VM 26.0.15", "Cortex XDR Broker VM 26.0.16", "Cortex XDR Broker VM 26.0.17", "Cortex XDR Broker VM 26.0.18", "Cortex XDR Broker VM 26.0.19", "Cortex XDR Broker VM 26.0.20", "Cortex XDR Broker VM 26.0.21", "Cortex XDR Broker VM 26.0.22", "Cortex XDR Broker VM 26.0.23", "Cortex XDR Broker VM 26.0.24", "Cortex XDR Broker VM 26.0.25", "Cortex XDR Broker VM 26.0.26", "Cortex XDR Broker VM 26.0.27", "Cortex XDR Broker VM 26.0.28", "Cortex XDR Broker VM 26.0.29", "Cortex XDR Broker VM 26.0.30", "Cortex XDR Broker VM 26.0.31", "Cortex XDR Broker VM 26.0.32", "Cortex XDR Broker VM 26.0.33", "Cortex XDR Broker VM 26.0.34", "Cortex XDR Broker VM 26.0.35", "Cortex XDR Broker VM 26.0.36", "Cortex XDR Broker VM 26.0.37", "Cortex XDR Broker VM 26.0.38", "Cortex XDR Broker VM 26.0.39", "Cortex XDR Broker VM 26.0.40", "Cortex XDR Broker VM 26.0.41", "Cortex XDR Broker VM 26.0.42", "Cortex XDR Broker VM 26.0.43", "Cortex XDR Broker VM 26.0.44", "Cortex XDR Broker VM 26.0.45", "Cortex XDR Broker VM 26.0.46", "Cortex XDR Broker VM 26.0.47", "Cortex XDR Broker VM 26.0.48", "Cortex XDR Broker VM 26.0.49", "Cortex XDR Broker VM 26.0.50", "Cortex XDR Broker VM 26.0.51", "Cortex XDR Broker VM 26.0.52", "Cortex XDR Broker VM 26.0.53", "Cortex XDR Broker VM 26.0.54", "Cortex XDR Broker VM 26.0.55", "Cortex XDR Broker VM 26.0.56", "Cortex XDR Broker VM 26.0.57", "Cortex XDR Broker VM 26.0.58", "Cortex XDR Broker VM 26.0.59", "Cortex XDR Broker VM 26.0.60", "Cortex XDR Broker VM 26.0.61", 
"Cortex XDR Broker VM 26.0.62", "Cortex XDR Broker VM 26.0.63", "Cortex XDR Broker VM 26.0.64", "Cortex XDR Broker VM 26.0.65", "Cortex XDR Broker VM 26.0.66", "Cortex XDR Broker VM 26.0.67", "Cortex XDR Broker VM 26.0.68", "Cortex XDR Broker VM 26.0.69", "Cortex XDR Broker VM 26.0.70", "Cortex XDR Broker VM 26.0.71", "Cortex XDR Broker VM 26.0.72", "Cortex XDR Broker VM 26.0.73", "Cortex XDR Broker VM 26.0.74", "Cortex XDR Broker VM 26.0.75", "Cortex XDR Broker VM 26.0.76", "Cortex XDR Broker VM 26.0.77", "Cortex XDR Broker VM 26.0.78", "Cortex XDR Broker VM 26.0.79", "Cortex XDR Broker VM 26.0.80", "Cortex XDR Broker VM 26.0.81", "Cortex XDR Broker VM 26.0.82", "Cortex XDR Broker VM 26.0.83", "Cortex XDR Broker VM 26.0.84", "Cortex XDR Broker VM 26.0.85", "Cortex XDR Broker VM 26.0.86", "Cortex XDR Broker VM 26.0.87", "Cortex XDR Broker VM 26.0.88", "Cortex XDR Broker VM 26.0.89", "Cortex XDR Broker VM 26.0.90", "Cortex XDR Broker VM 26.0.91", "Cortex XDR Broker VM 26.0.92", "Cortex XDR Broker VM 26.0.93", "Cortex XDR Broker VM 26.0.94", "Cortex XDR Broker VM 26.0.95", "Cortex XDR Broker VM 26.0.96", "Cortex XDR Broker VM 26.0.97", "Cortex XDR Broker VM 26.0.98", "Cortex XDR Broker VM 26.0.99", "Cortex XDR Broker VM 26.0.100", "Cortex XDR Broker VM 26.0.101", "Cortex XDR Broker VM 26.0.102", "Cortex XDR Broker VM 26.0.103", "Cortex XDR Broker VM 26.0.104", "Cortex XDR Broker VM 26.0.105", "Cortex XDR Broker VM 26.0.106", "Cortex XDR Broker VM 26.0.107", "Cortex XDR Broker VM 26.0.108", "Cortex XDR Broker VM 26.0.109", "Cortex XDR Broker VM 26.0.110", "Cortex XDR Broker VM 26.0.111", "Cortex XDR Broker VM 26.0.112", "Cortex XDR Broker VM 26.0.113", "Cortex XDR Broker VM 26.0.114", "Cortex XDR Broker VM 26.0.115", "Cortex XDR Broker VM 26.0.116", "Cortex XDR Broker VM 26.0.117", "Cortex XDR Broker VM 26.0.118" ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": 
"palo_alto", "cveId": "CVE-2025-0134", "datePublished": "2025-05-14T18:07:54.706Z", "dateReserved": "2024-12-20T23:23:34.744Z", "dateUpdated": "2025-05-15T04:02:09.561Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }