A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM. 

The attacker must have network access to the Broker VM to exploit this issue.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00205.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Paloaltonetworks
  • Cortex Xdr Broker Vm

No data.

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-14908 A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM.  The attacker must have network access to the Broker VM to exploit this issue.
Fixes

Solution

No solution given by the vendor.

Workaround

No known workarounds or mitigations exist for this issue.

References
Link Providers
https://security.paloaltonetworks.com/CVE-2025-0132 cve-icon cve-icon
History

Wed, 14 May 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 14 May 2025 18:30:00 +0000

Type Values Removed Values Added
Description A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM.  The attacker must have network access to the Broker VM to exploit this issue.
Title Cortex XDR Broker VM: Unauthenticated User Can Disable Internal Services
First Time appeared Paloaltonetworks
Paloaltonetworks cortex Xdr Broker Vm
Weaknesses CWE-306
CPEs cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:20.9.1:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:21.5.4:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:22.0.32:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:22.0.35:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.0.33:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.0.35:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.100.2:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.100.4:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.2.8:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.4.7:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.5.1:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:25.0.44:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:25.100.4:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.0.116:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.0.119:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.100.10:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.100.3:*:*:*:*:*:*:*
Vendors & Products Paloaltonetworks
Paloaltonetworks cortex Xdr Broker Vm
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber'}
cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2025-05-14T20:51:36.216Z

Reserved: 2024-12-20T23:23:32.897Z

Link: CVE-2025-0132

cve-icon Vulnrichment

Updated: 2025-05-14T20:51:33.177Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-05-14T19:15:51.380

Modified: 2025-05-16T14:43:56.797

Link: CVE-2025-0132

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.