{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0113", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2024-12-20T23:23:14.923Z", "datePublished": "2025-02-12T21:05:08.795Z", "dateUpdated": "2025-04-09T16:16:48.152Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Cortex XDR Broker VM", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "26.0.116", "status": "unaffected"}], "lessThan": "26.0.116", "status": "affected", "version": "1.0.0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "No special configuration is required to be affected by this issue."}], "value": "No special configuration is required to be affected by this issue."}], "credits": [{"lang": "en", "type": "finder", "value": "Julian Imper at Netcloud AG"}], "datePublic": "2025-02-12T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server."}], "value": "A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "impacts": [{"capecId": "CAPEC-629", "descriptions": [{"lang": "en", "value": "CAPEC-629 Unauthorized Use of Device Resources"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "PHYSICAL", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-424", "description": "CWE-424: Improper Protection of Alternate Path", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2025-04-09T16:16:48.152Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.paloaltonetworks.com/CVE-2025-0113"}], "solutions": [{"lang": "eng", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This issue is fixed in Broker VM 26.0.116, and all later Broker VM versions. If you have enabled automatic upgrades for Broker VM, no action is needed. If you do not, we recommend that you enable automatic upgrades for Broker VM to ensure that you always have the latest security patches installed."}], "value": "This issue is fixed in Broker VM 26.0.116, and all later Broker VM versions.\u00a0If you have enabled automatic upgrades for Broker VM, no action is needed. If you do not, we recommend that you enable automatic upgrades for Broker VM to ensure that you always have the latest security patches installed."}], "source": {"defect": ["CRTX-123680"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2025-02-12T17:00:00.000Z", "value": "Initial Publication"}], "title": "Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds or mitigations for this issue."}], "value": "There are no known workarounds or mitigations for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-12T21:20:51.871975Z", "id": "CVE-2025-0113", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T21:22:17.666Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0113", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-12T21:20:51.871975Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T21:20:31.798Z"}}], "cna": {"title": "Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers", "source": {"defect": ["CRTX-123680"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Julian Imper at Netcloud AG"}], "impacts": [{"capecId": "CAPEC-629", "descriptions": [{"lang": "en", "value": "CAPEC-629 Unauthorized Use of Device Resources"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 5.3, "Automatable": "YES", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cortex XDR Broker VM", "versions": [{"status": "affected", "changes": [{"at": "26.0.116", "status": "unaffected"}], "version": "1.0.0", "lessThan": "26.0.116", "versionType": "custom"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2025-02-12T17:00:00.000Z", "value": "Initial Publication"}], "solutions": [{"lang": "eng", "value": "This issue is fixed in Broker VM 26.0.116, and all later Broker VM versions.\u00a0If you have enabled automatic upgrades for Broker VM, no action is needed. If you do not, we recommend that you enable automatic upgrades for Broker VM to ensure that you always have the latest security patches installed.", "supportingMedia": [{"type": "text/html", "value": "This issue is fixed in Broker VM 26.0.116, and all later Broker VM versions. If you have enabled automatic upgrades for Broker VM, no action is needed. If you do not, we recommend that you enable automatic upgrades for Broker VM to ensure that you always have the latest security patches installed.", "base64": false}]}], "datePublic": "2025-02-12T17:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2025-0113", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds or mitigations for this issue.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds or mitigations for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server.", "supportingMedia": [{"type": "text/html", "value": "A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-424", "description": "CWE-424: Improper Protection of Alternate Path"}]}], "configurations": [{"lang": "en", "value": "No special configuration is required to be affected by this issue.", "supportingMedia": [{"type": "text/html", "value": "No special configuration is required to be affected by this issue.", "base64": false}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2025-04-09T16:16:48.152Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0113", "state": "PUBLISHED", "dateUpdated": "2025-04-09T16:16:48.152Z", "dateReserved": "2024-12-20T23:23:14.923Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2025-02-12T21:05:08.795Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server."}, {"lang": "es", "value": "Un problema con el mecanismo de aislamiento de red de la m\u00e1quina virtual Broker Cortex XDR de Palo Alto Networks permite a los atacantes acceder sin autorizaci\u00f3n a los contenedores Docker desde la red host utilizada por la m\u00e1quina virtual Broker. Esto puede permitir el acceso para leer archivos enviados para an\u00e1lisis y registros transmitidos por el agente Cortex XDR al servidor Cortex XDR."}], "id": "CVE-2025-0113", "lastModified": "2025-04-09T17:15:30.810", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2025-02-12T21:15:16.950", "references": [{"source": "psirt@paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/CVE-2025-0113"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-424"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}