Auth bypass in Palo Alto Networks Cortex XDR Broker VM
CVE-2025-0132
A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM. The attacker must have network access to the Broker VM to exploit th…
Vulnerability class: Broken Authentication
EPSS: 0.004 (30.9th percentile)
Affected products
- Palo Alto Networks Cortex XDR Broker VM — versions 26.0.0
Weakness classification (CWE)
References
- psirt@paloaltonetworks.com (vendor-advisory)