{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers "}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2025-0113","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-04-11T00:33:59.236Z","generator":{"date":"2026-04-11T00:33:59.236Z","engine":{"name":"Vulnogram","version":"0.1.0-dev"}},"id":"CVE-2025-0113","initial_release_date":"2025-02-12T17:00:00.000Z","revision_history":[{"number":"1","date":"2025-02-12T09:00:00.000Z","summary":"Initial Publication"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"Cortex XDR Broker VM","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/Cortex XDR Broker VM<26.0.116","product":{"name":"Palo Alto Networks Cortex XDR Broker VM","product_id":"PANW-Cortex-XDR-Broker-VM-2"}},{"category":"product_version_range","name":"vers:generic/Cortex XDR Broker VM>=26.0.116","product":{"name":"Palo Alto Networks Cortex XDR Broker VM","product_id":"PANW-Cortex-XDR-Broker-VM-2"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2025-0113","product_status":{"fixed":["PANW-Cortex-XDR-Broker-VM-2"],"known_affected":["PANW-Cortex-XDR-Broker-VM-2"]},"notes":[{"category":"description","text":"A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server."}],"references":[{"category":"external","summary":"NVD - CVE-2025-0113","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0113"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2025-0113","url":"https://security.paloaltonetworks.com/CVE-2025-0113"}],"threats":[{"category":"impact","description":"A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server."}],"scores":[{"cvss_v4":{"version":"4.0","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER","exploitMaturity":"UNREPORTED","baseSeverity":"HIGH","baseScore":7.6,"threatSeverity":"MEDIUM","threatScore":4.9,"vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber"},"products":["PANW-Cortex-XDR-Broker-VM-2"]}]}]}