{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2184", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-03-10T17:56:27.007Z", "datePublished": "2025-08-13T17:05:30.544Z", "dateUpdated": "2025-08-13T20:33:40.634Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Cortex XDR Broker VM", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "28.0.52", "status": "unaffected"}], "lessThan": "28.0.52", "status": "affected", "version": "28.0.0", "versionType": "custom"}]}], "configurations": [{"lang": "eng", "supportingMedia": [{"base64": false, "type": "text/html", "value": "No special configuration is required to be affected by this issue."}], "value": "No special configuration is required to be affected by this issue."}], "credits": [{"lang": "en", "type": "finder", "value": "This issue was discovered during an internal penetration test."}], "datePublic": "2025-08-13T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A credential management flaw in Palo Alto Networks Cortex XDR\u00ae Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations.<br><br>The attacker must have network access to the Broker VM to exploit this issue."}], "value": "A credential management flaw in Palo Alto Networks Cortex XDR\u00ae Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations.\n\nThe attacker must have network access to the Broker VM to exploit this issue."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "PHYSICAL", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1392", "description": "CWE-1392: Use of Default Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2025-08-13T17:05:30.544Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.paloaltonetworks.com/CVE-2025-2184"}], "solutions": [{"lang": "eng", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>If automatic upgrades are enabled for Broker VM, then no action is required at this time.<br></p><b></b><p>If automatic upgrades are not enabled for Broker VM, then we recommend that you do so to ensure that you always have the latest security patches installed in your software.</p>"}], "value": "If automatic upgrades are enabled for Broker VM, then no action is required at this time.\n\n\nIf automatic upgrades are not enabled for Broker VM, then we recommend that you do so to ensure that you always have the latest security patches installed in your software."}], "source": {"defect": ["CRTX-104867"], "discovery": "INTERNAL"}, "timeline": [{"lang": "en", "time": "2025-08-13T16:00:00.000Z", "value": "Initial Publication"}], "title": "Cortex XDR Broker VM: Secrets Shared Across Multiple Broker VM Images", "workarounds": [{"lang": "eng", "supportingMedia": [{"base64": false, "type": "text/html", "value": "No known workarounds exist for this issue."}], "value": "No known workarounds exist for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-13T20:33:30.348557Z", "id": "CVE-2025-2184", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-13T20:33:40.634Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2184", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-13T20:33:30.348557Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-13T20:33:35.413Z"}}], "cna": {"title": "Cortex XDR Broker VM: Secrets Shared Across Multiple Broker VM Images", "source": {"defect": ["CRTX-104867"], "discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "This issue was discovered during an internal penetration test."}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 5.3, "Automatable": "YES", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cortex XDR Broker VM", "versions": [{"status": "affected", "changes": [{"at": "28.0.52", "status": "unaffected"}], "version": "28.0.0", "lessThan": "28.0.52", "versionType": "custom"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2025-08-13T16:00:00.000Z", "value": "Initial Publication"}], "solutions": [{"lang": "eng", "value": "If automatic upgrades are enabled for Broker VM, then no action is required at this time.\n\n\nIf automatic upgrades are not enabled for Broker VM, then we recommend that you do so to ensure that you always have the latest security patches installed in your software.", "supportingMedia": [{"type": "text/html", "value": "<p>If automatic upgrades are enabled for Broker VM, then no action is required at this time.<br></p><b></b><p>If automatic upgrades are not enabled for Broker VM, then we recommend that you do so to ensure that you always have the latest security patches installed in your software.</p>", "base64": false}]}], "datePublic": "2025-08-13T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2025-2184", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "eng", "value": "No known workarounds exist for this issue.", "supportingMedia": [{"type": "text/html", "value": "No known workarounds exist for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A credential management flaw in Palo Alto Networks Cortex XDR\u00ae Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations.\n\nThe attacker must have network access to the Broker VM to exploit this issue.", "supportingMedia": [{"type": "text/html", "value": "A credential management flaw in Palo Alto Networks Cortex XDR\u00ae Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations.<br><br>The attacker must have network access to the Broker VM to exploit this issue.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1392", "description": "CWE-1392: Use of Default Credentials"}]}], "configurations": [{"lang": "eng", "value": "No special configuration is required to be affected by this issue.", "supportingMedia": [{"type": "text/html", "value": "No special configuration is required to be affected by this issue.", "base64": false}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2025-08-13T17:05:30.544Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2184", "state": "PUBLISHED", "dateUpdated": "2025-08-13T20:33:40.634Z", "dateReserved": "2025-03-10T17:56:27.007Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2025-08-13T17:05:30.544Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A credential management flaw in Palo Alto Networks Cortex XDR\u00ae Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations.\n\nThe attacker must have network access to the Broker VM to exploit this issue."}], "id": "CVE-2025-2184", "lastModified": "2025-08-13T17:33:46.673", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2025-08-13T17:15:27.513", "references": [{"source": "psirt@paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/CVE-2025-2184"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1392"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}

{"created": "2025-08-14T12:59:57.862945+00:00", "updated": "2025-08-14T12:59:57.863020+00:00", "vendors": ["paloaltonetworks", "paloaltonetworks$PRODUCT$cortex_xdr_broker_vm"]}