CVE-2025-0134

A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM.

CVSS

No CVSS.

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2025-0134

Configurations

No configuration.

History

No history.

Information

Published : 2025-05-14 19:15

Updated : 2025-05-16 14:43

NVD link : CVE-2025-0134

Mitre link : CVE-2025-0134

CVE.ORG link : CVE-2025-0134

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2025-0134", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 6.5, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:C/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-14T19:15:51.677", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2025-0134", "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "A code injection vulnerability in the Palo Alto Networks Cortex XDR\u00ae Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en Palo Alto Networks Cortex XDR\u00ae Broker VM permite que un usuario autenticado ejecute c\u00f3digo arbitrario con privilegios de root en el sistema operativo host que ejecuta Broker VM."}], "lastModified": "2025-05-16T14:43:56.797", "sourceIdentifier": "psirt@paloaltonetworks.com"}

CVE-2025-0134

JSON object

Attach tags to CVE-2025-0134

Attach tags to `CVE-2025-0134`