CVE-2025-2184

Cortex XDR Broker VM: Secrets Shared Across Multiple Broker VM Images

CVSS 5.3 MEDIUMEPSS 0.2%CWE-1392

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

13 Aug 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations. The attacker must have network access to the Broker VM to exploit this issue.

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber

Affected products

Palo Alto Networks · Cortex XDR Broker VM

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://security.paloaltonetworks.com/CVE-2025-2184