VDB
CVE-2025-0113
CVE-2025-0113
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. This may allow access to read files sent for analysis and logs transmitted by the Cortex XDR Agent to the Cortex XDR server.
EPSS 0.26% · 50.2th percentile
Risk Scores
CVSS 4.0
5.300000190734863
CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:M/U:Amber
EPSS Score
0.26%
50.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Palo Alto Networks | Cortex XDR Broker VM | 1.0.0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-0113 (circl-sighting)
- CIRCL seen: CVE-2025-0113 (circl-sighting)
- CIRCL seen: CVE-2025-0113 (circl-sighting)
- CIRCL seen: CVE-2025-0113 (circl-sighting)
- CIRCL seen: CVE-2025-0113 (circl-sighting)
- https://security.paloaltonetworks.com/CVE-2025-0113 (circl)
- Checks for CVE-2025-0108, an authentication bypass vulnerability in Palo Alto Networks PAN-OS. The script attempts to access the following endpoint: `/unauth/%252e%252e/php/ztp_gate.php/PAN_help/x.css` If it returns a `200 OK` and contains "Zero Touch Provisioning," the system is considered vulnerable. (nmap-nse)
- Checks for CVE-2025-0108, an authentication bypass vulnerability in Palo Alto Networks PAN-OS. The script attempts to access the following endpoint: `/unauth/%252e%252e/php/ztp_gate.php/PAN_help/x.css` If it returns a `200 OK` and contains "Zero Touch Provisioning," the system is considered vulnerable. (nmap-nse)
- Checks for CVE-2025-0108, an authentication bypass vulnerability in Palo Alto Networks PAN-OS. The script attempts to access the following endpoint: `/unauth/%252e%252e/php/ztp_gate.php/PAN_help/x.css` If it returns a `200 OK` and contains "Zero Touch Provisioning," the system is considered vulnerable. (nmap-nse)
- Checks for CVE-2025-0108, an authentication bypass vulnerability in Palo Alto Networks PAN-OS. The script attempts to access the following endpoint: `/unauth/%252e%252e/php/ztp_gate.php/PAN_help/x.css` If it returns a `200 OK` and contains "Zero Touch Provisioning," the system is considered vulnerable. (nmap-nse)
…and 6 more exploits
Timeline
- Dec 20, 2024 CVE ID Reserved
- Feb 12, 2025 PoC Published
- Feb 12, 2025 PoC Published
- Feb 12, 2025 PoC Published
- Feb 12, 2025 CVE Published
- Feb 12, 2025 PoC Published
- Feb 13, 2025 EPSS Score
- Feb 13, 2025 PoC Published
- Feb 19, 2025 PoC Published
- Feb 28, 2025 EPSS Score
- Mar 1, 2025 Coalition ESS Score
- Mar 14, 2025 EPSS Score
References
- https://security.paloaltonetworks.com/CVE-2024-1135 advisory
- https://security.paloaltonetworks.com/CVE-2025-0109 advisory
- https://security.paloaltonetworks.com/CVE-2025-0110 advisory
- https://security.paloaltonetworks.com/CVE-2025-0108 advisory
- https://security.paloaltonetworks.com/CVE-2025-0113 advisory
- https://security.paloaltonetworks.com/PAN-SA-2025-0004 advisory
- https://security.paloaltonetworks.com/CVE-2025-0112 advisory
- https://security.paloaltonetworks.com/CVE-2025-0111 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-0113 advisory
- https://security.paloaltonetworks.com/CVE-2024-0113 url