CVE-2025-4228 MEDIUM

CVE-2025-4228: Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability

Vendor Palo Alto Networks
Product Cortex XDR Broker VM
Weakness CWE-266
Published June 12, 2025
Last update February 26, 2026

CVSS base score

4.6/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber

What the vulnerability does

01 Description

An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex® XDR Broker VM allows an authenticated administrative user to execute certain files available within the Broker VM and escalate their privileges to root.

Key dates

02 Disclosure timeline

June 12, 2025 CVE published
February 26, 2026 Record updated