Privilege Escalation Vulnerability in Palo Alto Networks Cortex XDR Broker VM
CVE-2025-4228

4.6MEDIUM

Key Information:

Vendor

Palo Alto Networks
Status
Cortex Xdr Broker Vm
Vendor
CVE Published:
13 June 2025

Badges

👾 Exploit Exists

What is CVE-2025-4228?

An incorrect privilege assignment vulnerability exists in Palo Alto Networks Cortex XDR Broker VM, which allows authenticated administrative users to execute specific files within the Broker VM. This could lead to unauthorized privilege escalation, potentially granting root access and compromising the system's integrity.

Affected Version(s)

Cortex XDR Broker VM 27.0.0 < 27.0.26

References

https://security.paloaltonetworks.com/CVE-2025-4228
vendor-advisory

CVSS V4

Score:
4.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

JSON
.
CVE-2025-4228 : Privilege Escalation Vulnerability in Palo Alto Networks Cortex XDR Broker VM