Missing Authentication Vulnerability in Cortex XDRĀ® Broker VM by Palo Alto Networks
CVE-2025-0132
6.9MEDIUM
Key Information:
- Vendor
Palo Alto Networks
- Status
- Vendor
- CVE Published:
- 14 May 2025
Badges
š¾ Exploit Exists
What is CVE-2025-0132?
A missing authentication vulnerability exists in Palo Alto Networks Cortex XDRĀ® Broker VM, which allows an attacker with network access to the Broker VM to disable critical internal services. This unauthenticated access poses a significant risk as it can lead to potential disruptions in security monitoring and management functionalities within the Cortex XDR environment.
Affected Version(s)
Cortex XDR Broker VM 26.0.0 < 26.0.119
References
CVSS V4
Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- š¾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Bartosz ChaÅek
Piotr Kozowicz of CERT Team of ING Bank Slaski