CVE-2025-2184

A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations. The attacker must have network access to the Broker VM to exploit this issue.

CVSS

No CVSS.

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2025-2184

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Una falla en la gestión de credenciales en la máquina virtual Broker Cortex XDR® de Palo Alto Networks provoca que diferentes imágenes de la máquina virtual Broker compartan credenciales predeterminadas idénticas para servicios internos. Los usuarios que conozcan estas credenciales predeterminadas podrían acceder a servicios internos en otras instalaciones de la máquina virtual Broker. El atacante debe tener acceso de red a la máquina virtual Broker para explotar este problema.

13 Aug 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-13 17:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-2184

Mitre link : CVE-2025-2184

CVE.ORG link : CVE-2025-2184

JSON object : View

Products Affected

No product.

CWE

CWE-1392

Use of Default Credentials

{"id": "CVE-2025-2184", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 5.3, "Automatable": "YES", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-13T17:15:27.513", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2025-2184", "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-1392"}]}], "descriptions": [{"lang": "en", "value": "A credential management flaw in Palo Alto Networks Cortex XDR\u00ae Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations.\n\nThe attacker must have network access to the Broker VM to exploit this issue."}, {"lang": "es", "value": "Una falla en la gesti\u00f3n de credenciales en la m\u00e1quina virtual Broker Cortex XDR\u00ae de Palo Alto Networks provoca que diferentes im\u00e1genes de la m\u00e1quina virtual Broker compartan credenciales predeterminadas id\u00e9nticas para servicios internos. Los usuarios que conozcan estas credenciales predeterminadas podr\u00edan acceder a servicios internos en otras instalaciones de la m\u00e1quina virtual Broker. El atacante debe tener acceso de red a la m\u00e1quina virtual Broker para explotar este problema."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "psirt@paloaltonetworks.com"}