[Palo Alto Networks Security Advisories] CVE-2025-2184 Cortex XDR Broker VM: Secrets Shared Across Multiple Broker VMImages

Palo Alto Networks Security Advisories /CVE-2025-2184

CVE-2025-2184 Cortex XDR Broker VM: Secrets Shared Across Multiple Broker VM Images

UrgencyMODERATE

Severity4.9 ·MEDIUM

Exploit MaturityUNREPORTED

Response EffortMODERATE

RecoveryUSER

Value DensityCONCENTRATED

Attack VectorADJACENT

Attack ComplexityLOW

Attack RequirementsPRESENT

AutomatableYES

User InteractionNONE

Product ConfidentialityHIGH

Product IntegrityHIGH

Product AvailabilityNONE

Privileges RequiredNONE

Subsequent ConfidentialityNONE

Subsequent IntegrityNONE

Subsequent AvailabilityNONE

CVE JSON CSAF

Published2025-08-13

Updated2025-08-13

ReferenceCRTX-104867

Discoveredinternally

Description

A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations.

The attacker must have network access to the Broker VM to exploit this issue.

Product Status

Versions	Affected	Unaffected
Cortex XDR Broker VM 28.0.0	< 28.0.52	>= 28.0.52

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity:MEDIUM, Suggested Urgency:MODERATE

CVSS-BT:4.9 /CVSS-B:7.6 (CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-1392: Use of Default Credentials

CAPEC-114 Authentication Abuse

Solution

If automatic upgrades are enabled for Broker VM, then no action is required at this time.

If automatic upgrades are not enabled for Broker VM, then we recommend that you do so to ensure that you always have the latest security patches installed in your software.

Workarounds and Mitigations

No known workarounds exist for this issue.

Acknowledgments

This issue was discovered during an internal penetration test.

CPE Applicability

cpe:2.3:a:palo_alto_networks:cortex_xdr_broker_vm:*:*:*:*:*:*:*:* is vulnerable from (including)28.0.0 and up to (excluding)28.0.52

Timeline

2025-08-13Initial Publication

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee

Patreon

To keep up to date follow us on the below channels.

Tags: CVE, OSINT, threatintel