Information disclosure in Palo Alto Networks Cortex Xdr Microsoft 365 Defender Pack

CVE-2025-4234

A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating…

EPSS: 0.001 (2.6th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-4234?
CVE-2025-4234 is a vulnerability in Palo Alto Networks Cortex Xdr Microsoft 365 Defender Pack, classified under Insertion of Sensitive Information into Log File. Published 2025-09-12.
Is CVE-2025-4234 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.