CVE-2025-0134

UNKNOWN 0.0

Cortex XDR Broker VM: Authenticated Code Injection Vulnerability in Broker VM

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM.

CWE	CWE-94
Vendor	palo alto networks
Product	cortex xdr broker vm
Published	May 14, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for palo alto networks cortex xdr broker vm

Be the first to know when new unknown vulnerabilities affecting palo alto networks cortex xdr broker vm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Palo Alto Networks / Cortex XDR Broker VM

26.0.0 < 26.0.119

References

NVD ↗ CVE.org ↗ EPSS Data ↗

security.paloaltonetworks.com: https://security.paloaltonetworks.com/CVE-2025-0134

Credits

Christiaan van Aken