Code Injection Vulnerability in Palo Alto Networks Cortex XDRĀ® Broker VM
CVE-2025-0134

6.5MEDIUM

Key Information:

Vendor
CVE Published:
14 May 2025

Badges

šŸ‘¾ Exploit Exists

What is CVE-2025-0134?

A vulnerability in Palo Alto Networks Cortex XDRĀ® Broker VM allows authenticated users to perform code injection, enabling the execution of arbitrary code with root privileges on the underlying operating system. This poses significant risks as it can lead to unauthorized access and control over sensitive systems. Users are advised to review their security protocols and apply necessary updates to mitigate the potential impact of this vulnerability.

Affected Version(s)

Cortex XDR Broker VM 26.0.0 < 26.0.119

References

CVSS V4

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • šŸ‘¾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Christiaan van Aken
.
CVE-2025-0134 : Code Injection Vulnerability in Palo Alto Networks Cortex XDRĀ® Broker VM