Code Injection Vulnerability in Palo Alto Networks Cortex XDRĀ® Broker VM
CVE-2025-0134
6.5MEDIUM
Key Information:
- Vendor
Palo Alto Networks
- Status
- Vendor
- CVE Published:
- 14 May 2025
Badges
š¾ Exploit Exists
What is CVE-2025-0134?
A vulnerability in Palo Alto Networks Cortex XDRĀ® Broker VM allows authenticated users to perform code injection, enabling the execution of arbitrary code with root privileges on the underlying operating system. This poses significant risks as it can lead to unauthorized access and control over sensitive systems. Users are advised to review their security protocols and apply necessary updates to mitigate the potential impact of this vulnerability.
Affected Version(s)
Cortex XDR Broker VM 26.0.0 < 26.0.119
References
CVSS V4
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- š¾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Christiaan van Aken