CVE-2025-0132 Cortex XDR Broker VM: Unauthenticated User Can Disable Internal Services

Palo Alto Networks Security Advisories / CVE-2025-0132

CVE-2025-0132 Cortex XDR Broker VM: Unauthenticated User Can Disable Internal Services

Urgency MODERATE

Severity 2.7 · LOW

Exploit Maturity UNREPORTED

Response Effort MODERATE

Recovery USER

Value Density CONCENTRATED

Attack Vector NETWORK

Attack Complexity LOW

Attack Requirements NONE

Automatable YES

User Interaction NONE

Product Confidentiality NONE

Product Integrity LOW

Product Availability LOW

Privileges Required NONE

Subsequent Confidentiality NONE

Subsequent Integrity NONE

Subsequent Availability NONE

CVE JSON CSAF

Published 2025-05-14

Updated 2025-05-14

Reference CRTX-147815

Discovered externally

Description

A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM.

The attacker must have network access to the Broker VM to exploit this issue.

Product Status

Versions	Affected	Unaffected
Cortex XDR Broker VM 26.0.0	< 26.0.119	>= 26.0.119

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: LOW, Suggested Urgency: MODERATE

CVSS-BT: 2.7 / CVSS-B: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-306 Missing Authentication for Critical Function

CAPEC-36 Using Unpublished APIs

Solution

This issue is fixed in Cortex XDR Broker VM 26.0.119, and all later Cortex XDR Broker VM versions.

If you enabled automatic upgrades for Broker VM, then no action is required at this time.
If you did not enable automatic upgrades, then we recommend that you do so for Broker VM to ensure that you always have the latest security patches installed in your software.

Workarounds and Mitigations

No known workarounds or mitigations exist for this issue.

Acknowledgments

Palo Alto Networks thanks Bartosz Chałek and Piotr Kozowicz of CERT Team of ING Bank Slaski for discovering and reporting the issue.

CPEs

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.100.10:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.100.3:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.0.119:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.0.116:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:25.100.4:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:25.0.44:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.100.4:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.4.7:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.2.8:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.5.1:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.100.2:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.0.35:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.0.33:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:22.0.35:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:22.0.32:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:21.5.4:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:20.9.1:*:*:*:*:*:*:*

Show MoreShow Less

Timeline

2025-05-14 Initial Publication