A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM.
Fixes

Solution

No solution given by the vendor.


Workaround

There are no known workarounds or mitigations for this issue.

History

Wed, 14 May 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 14 May 2025 18:30:00 +0000

Type Values Removed Values Added
Description A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM.
Title Cortex XDR Broker VM: Authenticated Code Injection Vulnerability in Broker VM
First Time appeared Paloaltonetworks
Paloaltonetworks cortex Xdr Broker Vm
Weaknesses CWE-94
CPEs cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:20.9.1:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:21.5.4:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:22.0.32:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:22.0.35:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.0.33:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.0.35:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.100.2:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.100.4:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.2.8:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.4.7:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.5.1:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:25.0.44:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:25.100.4:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.0.116:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.0.119:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.100.10:*:*:*:*:*:*:*
cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.100.3:*:*:*:*:*:*:*
Vendors & Products Paloaltonetworks
Paloaltonetworks cortex Xdr Broker Vm
References
Metrics cvssV4_0

{'score': 6.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/S:N/AU:N/R:U/V:C/RE:M/U:Amber'}


MITRE

Status: PUBLISHED

Assigner: palo_alto

Published:

Updated: 2025-05-15T04:02:09.561Z

Reserved: 2024-12-20T23:23:34.744Z

Link: CVE-2025-0134

Vulnrichment

Updated: 2025-05-14T20:50:42.920Z

NVD

Status: Awaiting Analysis

Published: 2025-05-14T19:15:51.677

Modified: 2025-05-16T14:43:56.797

Link: CVE-2025-0134

Redhat

No data.

OpenCVE Enrichment

No data.