Command Injection Vulnerability in Palo Alto Networks Cortex XDR® Broker VM
CVE-2025-0119

6.3MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Cortex Xdr Broker Vm
Vendor: CVE Published:; 11 April 2025

Badges

👾 Exploit Exists

What is CVE-2025-0119?

A command injection vulnerability in Palo Alto Networks Cortex XDR® Broker VM enables an authenticated user to execute arbitrary operating system commands with root privileges. This can lead to severe security risks, including unauthorized access to sensitive data and complete system compromise. Users are advised to apply necessary patches and follow best security practices to mitigate this vulnerability.

Affected Version(s)

Cortex XDR Broker VM 1.0.0 < 26.100.3

References

https://security.paloaltonetworks.com/CVE-2025-0119

vendor-advisory

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

👾
Exploit known to exist
Apr 11, 2025
Vulnerability published
Apr 11, 2025
Vulnerability Reserved
Dec 20, 2024

Credit

Bartosz Chałek

Piotr Kozowicz of CERT Team of ING Bank Slaski