CVE-2025-4234 - Vulnerability Details - OpenCVE

A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2025-4234

History

Fri, 12 Sep 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 12 Sep 2025 17:30:00 +0000

Type	Values Removed	Values Added
Description		A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs.
Title		Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of Credentials
Weaknesses		CWE-532
References		https://security.paloaltonetworks.com/CVE-2025-4234
Metrics		cvssV4_0 `{'score': 2.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber'}`

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2025-09-12T17:18:11.618Z

Updated: 2025-09-12T17:30:44.952Z

Reserved: 2025-05-02T19:10:49.753Z

Link: CVE-2025-4234

Vulnrichment

Updated: 2025-09-12T17:30:40.714Z

NVD

Status : Received

Published: 2025-09-12T18:15:34.180

Modified: 2025-09-12T18:15:34.180

Link: CVE-2025-4234

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4234", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-05-02T19:10:49.753Z", "datePublished": "2025-09-12T17:18:11.618Z", "dateUpdated": "2025-09-12T17:30:44.952Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Cortex XDR Microsoft 365 Defender Pack", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "4.6.5", "status": "unaffected"}], "lessThan": "11.0.2-133", "status": "affected", "version": "4.6.0", "versionType": "custom"}]}], "configurations": [{"lang": "eng", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The Microsoft 365 Defender Pack must be enabled. "}], "value": "The Microsoft 365 Defender Pack must be enabled."}], "credits": [{"lang": "en", "type": "finder", "value": "RC"}], "datePublic": "2025-09-10T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs."}], "value": "A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Credentials"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 2.4, "baseSeverity": "LOW", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2025-09-12T17:18:11.618Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.paloaltonetworks.com/CVE-2025-4234"}], "solutions": [{"lang": "eng", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<table><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr>\n <td>Cortex XDR Microsoft 365 Defender Pack 4.6 on Windows<br></td>\n <td>4.6.0 through 4.6.4</td>\n <td>Upgrade to 4.6.5 or later.</td>\n </tr></tbody></table><br>Rotate any Client Secrets for Azure Applications that attempted connection with the Microsoft 365 Defender Pack. "}], "value": "Version\nMinor Version\nSuggested Solution\n\n Cortex XDR Microsoft 365 Defender Pack 4.6 on Windows\n\n 4.6.0 through 4.6.4\n Upgrade to 4.6.5 or later.\n \nRotate any Client Secrets for Azure Applications that attempted connection with the Microsoft 365 Defender Pack."}], "source": {"defect": ["CRTX-178569"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2025-09-10T16:00:00.000Z", "value": "Initial Publication"}], "title": "Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of Credentials", "workarounds": [{"lang": "eng", "supportingMedia": [{"base64": false, "type": "text/html", "value": "No known workarounds exist for this issue."}], "value": "No known workarounds exist for this issue."}], "x_affectedList": ["Cortex XDR Microsoft 365 Defender Pack 4.6.0", "Cortex XDR Microsoft 365 Defender Pack 4.6.1", "Cortex XDR Microsoft 365 Defender Pack 4.6.2", "Cortex XDR Microsoft 365 Defender Pack 4.6.3", "Cortex XDR Microsoft 365 Defender Pack 4.6.4"], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-12T17:30:36.399629Z", "id": "CVE-2025-4234", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-12T17:30:44.952Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4234", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-12T17:30:36.399629Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-12T17:30:40.714Z"}}], "cna": {"title": "Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of Credentials", "source": {"defect": ["CRTX-178569"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "RC"}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Credentials"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 2.4, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cortex XDR Microsoft 365 Defender Pack", "versions": [{"status": "affected", "changes": [{"at": "4.6.5", "status": "unaffected"}], "version": "4.6.0", "lessThan": "11.0.2-133", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2025-09-10T16:00:00.000Z", "value": "Initial Publication"}], "solutions": [{"lang": "eng", "value": "Version\nMinor Version\nSuggested Solution\n\n Cortex XDR Microsoft 365 Defender Pack 4.6 on Windows\n\n 4.6.0 through 4.6.4\n Upgrade to 4.6.5 or later.\n \nRotate any Client Secrets for Azure Applications that attempted connection with the Microsoft 365 Defender Pack.", "supportingMedia": [{"type": "text/html", "value": "<table><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr>\n <td>Cortex XDR Microsoft 365 Defender Pack 4.6 on Windows<br></td>\n <td>4.6.0 through 4.6.4</td>\n <td>Upgrade to 4.6.5 or later.</td>\n </tr></tbody></table><br>Rotate any Client Secrets for Azure Applications that attempted connection with the Microsoft 365 Defender Pack. ", "base64": false}]}], "datePublic": "2025-09-10T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2025-4234", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "eng", "value": "No known workarounds exist for this issue.", "supportingMedia": [{"type": "text/html", "value": "No known workarounds exist for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs.", "supportingMedia": [{"type": "text/html", "value": "A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File"}]}], "configurations": [{"lang": "eng", "value": "The Microsoft 365 Defender Pack must be enabled.", "supportingMedia": [{"type": "text/html", "value": "The Microsoft 365 Defender Pack must be enabled. ", "base64": false}]}], "x_affectedList": ["Cortex XDR Microsoft 365 Defender Pack 4.6.0", "Cortex XDR Microsoft 365 Defender Pack 4.6.1", "Cortex XDR Microsoft 365 Defender Pack 4.6.2", "Cortex XDR Microsoft 365 Defender Pack 4.6.3", "Cortex XDR Microsoft 365 Defender Pack 4.6.4"], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2025-09-12T17:18:11.618Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4234", "state": "PUBLISHED", "dateUpdated": "2025-09-12T17:30:44.952Z", "dateReserved": "2025-05-02T19:10:49.753Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2025-09-12T17:18:11.618Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs."}], "id": "CVE-2025-4234", "lastModified": "2025-09-12T18:15:34.180", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2025-09-12T18:15:34.180", "references": [{"source": "psirt@paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/CVE-2025-4234"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}