Palo Alto Cortex XDR Broker VM up to 26.0.115 Network Isolation improper protection of alternate path
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.1 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, was found in Palo Alto Cortex XDR Broker VM up to 26.0.115. This vulnerability affects unknown code of the component Network Isolation. The manipulation results in improper protection of alternate path. This vulnerability is cataloged as CVE-2025-0113. An attack on the physical device is feasible. There is no exploit available. You should upgrade the affected component.
Details
A vulnerability was found in Palo Alto Cortex XDR Broker VM up to 26.0.115. It has been classified as problematic. Affected is some unknown functionality of the component Network Isolation. The manipulation with an unknown input leads to a improper protection of alternate path vulnerability. CWE is classifying the issue as CWE-424. The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server.
The weakness was shared by Julian Imper. The advisory is shared for download at security.paloaltonetworks.com. This vulnerability is traded as CVE-2025-0113 since 12/21/2024. The exploitability is told to be easy. The attack needs to be approached locally. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available.
Upgrading to version 26.0.116 eliminates this vulnerability.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Vendor
Name
Version
License
Website
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CNA CVSS-B Score: 🔍
CNA CVSS-BT Score: 🔍
CNA Vector: 🔍
CVSSv3
VulDB Meta Base Score: 4.3VulDB Meta Temp Score: 4.1
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Improper protection of alternate pathCWE: CWE-424
CAPEC: 🔍
ATT&CK: 🔍
Physical: Yes
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Cortex XDR Broker VM 26.0.116
Timeline
12/21/2024 🔍02/12/2025 🔍
02/12/2025 🔍
02/12/2025 🔍
Sources
Vendor: paloaltonetworks.comAdvisory: security.paloaltonetworks.com
Researcher: Julian Imper
Status: Confirmed
CVE: CVE-2025-0113 (🔍)
GCVE (CVE): GCVE-0-2025-0113
GCVE (VulDB): GCVE-100-295584
Entry
Created: 02/12/2025 22:32Changes: 02/12/2025 22:32 (72)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.