CVE-2025-0134

Summary

A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCortex XDR Broker VM26.0.0 < 26.0.119affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

Workarounds

There are no known workarounds or mitigations for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References