RCE in Palo Alto Networks Cortex Xdr Broker Vm

CVE-2025-0134

A code injection vulnerability in the Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to execute arbitrary code with root privileges on the host operating system running Broker VM.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.004 (32.3th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References