CVE-2025-0134 Cortex XDR Broker VM: Authenticated Code Injection Vulnerability in Broker VM

Palo Alto Networks Security Advisories / CVE-2025-0134

CVE-2025-0134 Cortex XDR Broker VM: Authenticated Code Injection Vulnerability in Broker VM

Urgency MODERATE

Severity 2.6 · LOW

Exploit Maturity UNREPORTED

Response Effort MODERATE

Recovery USER

Value Density CONCENTRATED

Attack Vector NETWORK

Attack Complexity LOW

Attack Requirements NONE

Automatable NO

User Interaction NONE

Product Confidentiality LOW

Product Integrity LOW

Product Availability LOW

Privileges Required LOW

Subsequent Confidentiality HIGH

Subsequent Integrity HIGH

Subsequent Availability HIGH

CVE JSON CSAF

Published 2025-05-14

Updated 2025-05-14

Reference CRTX-105741

Description

A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM.

Product Status

Versions	Affected	Unaffected
Cortex XDR Broker VM 26.0.0	< 26.0.119	>= 26.0.119

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: LOW, Suggested Urgency: MODERATE

CVSS-BT: 2.6 / CVSS-B: 6.5 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:U/S:N/AU:N/R:U/V:C/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-94 Improper Control of Generation of Code ('Code Injection')

CAPEC-242 Code Injection

Solution

This issue is fixed in Cortex XDR Broker VM 26.0.119, and all later Cortex XDR Broker VM versions.

If you enabled automatic upgrades for Broker VM, then no action is required at this time.
If you did not enable automatic upgrades, then we recommend you do so for Broker VM to ensure that you always have the latest security patches installed in your software.

Workarounds and Mitigations

There are no known workarounds or mitigations for this issue.

Acknowledgments

Palo Alto Networks thanks Christiaan van Aken for discovering and reporting the issue.

CPEs

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.100.10:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.100.3:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.0.119:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:26.0.116:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:25.100.4:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:25.0.44:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.100.4:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.4.7:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.2.8:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:24.5.1:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.100.2:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.0.35:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:23.0.33:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:22.0.35:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:22.0.32:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:21.5.4:*:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_broker_vm:20.9.1:*:*:*:*:*:*:*

Show MoreShow Less

Timeline

2025-05-14 Initial Publication