Privilege Escalation Vulnerability in Palo Alto Networks Cortex XDR Broker VM
CVE-2025-4228

4.6MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Cortex Xdr Broker Vm
Vendor: CVE Published:; 13 June 2025

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-4228?

An incorrect privilege assignment vulnerability exists in Palo Alto Networks Cortex XDR Broker VM, which allows authenticated administrative users to execute specific files within the Broker VM. This could lead to unauthorized privilege escalation, potentially granting root access and compromising the system's integrity.

Affected Version(s)

Cortex XDR Broker VM 27.0.0 < 27.0.26

References

https://security.paloaltonetworks.com/CVE-2025-4228

vendor-advisory

CVSS V4

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jun 13, 2025
Vulnerability published
Jun 13, 2025