Credential Exposure in Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack
CVE-2025-4234

2.4LOW

Key Information:

Vendor: Palo Alto Networks
Status: Cortex Xdr Microsoft 365 Defender Pack
Vendor: CVE Published:; 12 September 2025

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-4234?

A vulnerability in the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack could allow for the exposure of user credentials within application logs. These logs, typically accessible only to local users, may inadvertently contain sensitive information that becomes available to others during troubleshooting or log review processes.

Affected Version(s)

Cortex XDR Microsoft 365 Defender Pack Windows 4.6.0 < 11.0.2-133

References

https://security.paloaltonetworks.com/CVE-2025-4234

vendor-advisory

CVSS V4

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Sep 12, 2025
Vulnerability published
Sep 12, 2025
Vulnerability Reserved
May 2, 2025

Palo Alto Networks