CVE-2025-0112 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-0112 PUBLISHED CVSS 6.800000190734863 MEDIUM

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This vulnerability can also be leveraged by malware to disable the Cortex XDR agent and then perform malicious activity.

EPSS 0.12% · 30.5th percentile

Risk Scores

CVSS v4.0

6.800000190734863

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/U:Amber

EPSS Score

0.12%

30.5th percentile

Affected Products

Vendor	Product	Versions
Palo Alto Networks	Cortex XDR Agent	8.3-CE, 8.4.0, 8.5.0

Timeline

Feb 12, 2025 PoC Published
Feb 12, 2025 PoC Published
Feb 12, 2025 PoC Published
Feb 13, 2025 CVE Published
Feb 19, 2025 PoC Published
Feb 20, 2025 EPSS Score
Feb 20, 2025 Coalition ESS Score
Feb 20, 2025 PoC Published
Mar 6, 2025 EPSS Score
Mar 19, 2025 EPSS Score
Apr 2, 2025 EPSS Score
Apr 16, 2025 EPSS Score

References

https://security.paloaltonetworks.com/CVE-2025-0112 vendor-advisory
https://security.paloaltonetworks.com/CVE-2024-1135 advisory
https://security.paloaltonetworks.com/CVE-2025-0109 advisory
https://security.paloaltonetworks.com/CVE-2025-0110 advisory
https://security.paloaltonetworks.com/CVE-2025-0108 advisory
https://security.paloaltonetworks.com/CVE-2025-0113 advisory
https://security.paloaltonetworks.com/PAN-SA-2025-0004 advisory
https://security.paloaltonetworks.com/CVE-2025-0111 advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-0112 advisory

Open in Interactive Console →