{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0121", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2024-12-20T23:23:22.401Z", "datePublished": "2025-04-11T01:45:54.148Z", "dateUpdated": "2025-04-11T16:02:36.119Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.6.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3-CE:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.102-CE:-:*:*:*:*:*:*"], "defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Cortex XDR Agent", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "6.3.3", "status": "unaffected"}], "lessThan": "6.3.3", "status": "unaffected", "version": "8.7.0", "versionType": "custom"}, {"changes": [{"at": "8.6.1", "status": "unaffected"}], "lessThan": "8.6.1", "status": "affected", "version": "8.6.0", "versionType": "custom"}, {"changes": [{"at": "8.5.2", "status": "unaffected"}], "lessThan": "8.5.2", "status": "affected", "version": "8.5.0", "versionType": "custom"}, {"changes": [{"at": "8.3.101-CE HF", "status": "unaffected"}], "lessThan": "8.3.101-CE HF", "status": "affected", "version": "8.3-CE", "versionType": "custom"}, {"changes": [{"at": "7.9.103-CE HF", "status": "unaffected"}], "lessThan": "7.9.103-CE HF", "status": "affected", "version": "7.9-CE", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "No special configuration is needed to be affected by this issue."}], "value": "No special configuration is needed to be affected by this issue."}], "credits": [{"lang": "en", "type": "finder", "value": "adcisseckilled"}], "datePublic": "2025-04-09T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A null pointer dereference vulnerability in the Palo Alto Networks Cortex\u00ae XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it."}], "value": "A null pointer dereference vulnerability in the Palo Alto Networks Cortex\u00ae XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "impacts": [{"capecId": "CAPEC-578", "descriptions": [{"lang": "en", "value": "CAPEC-578 Disable Security Software"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2025-04-11T01:45:54.148Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.paloaltonetworks.com/CVE-2025-0121"}], "solutions": [{"lang": "eng", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This issue is fixed in Cortex XDR Agent 8.6.1, Cortex XDR Agent 8.5.2, Cortex XDR Agent 8.3.101-CE HF, Cortex XDR Agent 7.9.103-CE HF, and all later Cortex XDR Agent versions."}], "value": "This issue is fixed in Cortex XDR Agent 8.6.1, Cortex XDR Agent 8.5.2, Cortex XDR Agent 8.3.101-CE HF, Cortex XDR Agent 7.9.103-CE HF, and all later Cortex XDR Agent versions."}], "source": {"defect": ["CPATR-26258"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication"}], "title": "Cortex XDR Agent: Local Windows User Can Crash the Agent", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_affectedList": ["Cortex XDR Agent 8.6.0", "Cortex XDR Agent 8.5.0", "Cortex XDR Agent 8.5.1", "Cortex XDR Agent 8.3-CE", "Cortex XDR Agent 7.9-CE", "Cortex XDR Agent 7.9.101-CE", "Cortex XDR Agent 7.9.102-CE"], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-11T15:44:45.921667Z", "id": "CVE-2025-0121", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-11T16:02:36.119Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0121", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-11T15:44:45.921667Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-11T15:44:52.156Z"}}], "cna": {"title": "Cortex XDR Agent: Local Windows User Can Crash the Agent", "source": {"defect": ["CPATR-26258"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "adcisseckilled"}], "impacts": [{"capecId": "CAPEC-578", "descriptions": [{"lang": "en", "value": "CAPEC-578 Disable Security Software"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 6.8, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.6.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.0:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.1:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3-CE:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:*", "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.102-CE:-:*:*:*:*:*:*"], "vendor": "Palo Alto Networks", "product": "Cortex XDR Agent", "versions": [{"status": "unaffected", "changes": [{"at": "6.3.3", "status": "unaffected"}], "version": "8.7.0", "lessThan": "6.3.3", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "8.6.1", "status": "unaffected"}], "version": "8.6.0", "lessThan": "8.6.1", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "8.5.2", "status": "unaffected"}], "version": "8.5.0", "lessThan": "8.5.2", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "8.3.101-CE HF", "status": "unaffected"}], "version": "8.3-CE", "lessThan": "8.3.101-CE HF", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "7.9.103-CE HF", "status": "unaffected"}], "version": "7.9-CE", "lessThan": "7.9.103-CE HF", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2025-04-09T16:00:00.000Z", "value": "Initial Publication"}], "solutions": [{"lang": "eng", "value": "This issue is fixed in Cortex XDR Agent 8.6.1, Cortex XDR Agent 8.5.2, Cortex XDR Agent 8.3.101-CE HF, Cortex XDR Agent 7.9.103-CE HF, and all later Cortex XDR Agent versions.", "supportingMedia": [{"type": "text/html", "value": "This issue is fixed in Cortex XDR Agent 8.6.1, Cortex XDR Agent 8.5.2, Cortex XDR Agent 8.3.101-CE HF, Cortex XDR Agent 7.9.103-CE HF, and all later Cortex XDR Agent versions.", "base64": false}]}], "datePublic": "2025-04-09T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2025-0121", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A null pointer dereference vulnerability in the Palo Alto Networks Cortex\u00ae XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it.", "supportingMedia": [{"type": "text/html", "value": "A null pointer dereference vulnerability in the Palo Alto Networks Cortex\u00ae XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "configurations": [{"lang": "en", "value": "No special configuration is needed to be affected by this issue.", "supportingMedia": [{"type": "text/html", "value": "No special configuration is needed to be affected by this issue.", "base64": false}]}], "x_affectedList": ["Cortex XDR Agent 8.6.0", "Cortex XDR Agent 8.5.0", "Cortex XDR Agent 8.5.1", "Cortex XDR Agent 8.3-CE", "Cortex XDR Agent 7.9-CE", "Cortex XDR Agent 7.9.101-CE", "Cortex XDR Agent 7.9.102-CE"], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2025-04-11T01:45:54.148Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0121", "state": "PUBLISHED", "dateUpdated": "2025-04-11T16:02:36.119Z", "dateReserved": "2024-12-20T23:23:22.401Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2025-04-11T01:45:54.148Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A null pointer dereference vulnerability in the Palo Alto Networks Cortex\u00ae XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it."}, {"lang": "es", "value": " Una vulnerabilidad de desreferencia de puntero nulo en el agente Cortex\u00ae XDR de Palo Alto Networks en dispositivos Windows permite que un usuario local de Windows con bajos privilegios bloquee el agente. Adem\u00e1s, el malware puede utilizar esta vulnerabilidad para realizar actividades maliciosas sin que Cortex XDR pueda detectarlas."}], "id": "CVE-2025-0121", "lastModified": "2025-04-11T15:39:52.920", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2025-04-11T02:15:18.403", "references": [{"source": "psirt@paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/CVE-2025-0121"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}