Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2025-0113 |
CWE-ID | CWE-424 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Cortex XDR Broker VM (Server applications / IDS/IPS systems, Firewalls and proxy servers) |
Vendor | Palo Alto Networks, Inc. |
Security Bulletin
This security bulletin contains one high-risk vulnerability.
EUVDB-ID: #VU104027
Risk: High
CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-0113
CWE-ID: CWE-424 - Improper Protection of Alternate Path
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain unauthorized access to VM Docker containers.
The vulnerability exists due to an error within the network isolation mechanism. A remote non-authenticated attacker can gain unauthorized access to Docker containers from the host network used by Broker VM and read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server.
Mitigation: Install updates from vendor's website.
Vulnerable software versions: Cortex XDR Broker VM: 14.3.3 - 25.105.6
CPE2.3
http://security.paloaltonetworks.com/CVE-2024-0113
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.