Happy #PatchTuesday from **Palo Alto Networks** (LIKELY ZERO-DAYS):
(Note: PAN likes to downplay severity by showing the base + threat metrics CVSSv4 score. I listed base score only) <li><a href="https://security.paloaltonetworks.com/CVE-2025-0113"; target="_blank" rel="nofollow noopener">CVE-2025-0113</a> (CVSSv4.0: 7.6 high) Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers</li><li><a href="https://security.paloaltonetworks.com/CVE-2025-0112"; target="_blank" rel="nofollow noopener">CVE-2025-0112</a> (CVSSv4: 6.8 medium) Cortex XDR Agent: Local Windows User Can Disable the Agent</li><li><a href="https://security.paloaltonetworks.com/CVE-2025-0110"; target="_blank" rel="nofollow noopener">CVE-2025-0110</a> (CVSSv4.0: 8.6 high) PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin<ul><li>Exploit Maturity: POC 🤔</li></ul></li><li><a href="https://security.paloaltonetworks.com/PAN-SA-2025-0005"; target="_blank" rel="nofollow noopener">PAN-SA-2025-0005</a> GlobalProtect Clientless VPN: Same-Origin Policy Does Not Apply When Using Clientless VPN</li><li><a href="https://security.paloaltonetworks.com/PAN-SA-2025-0004"; target="_blank" rel="nofollow noopener">PAN-SA-2025-0004</a> Chromium: Monthly Vulnerability Update (February 2025) (multiple CVEs)</li><li><a href="https://security.paloaltonetworks.com/CVE-2025-0109"; target="_blank" rel="nofollow noopener">CVE-2025-0109</a> (CVSSv4: 6.9 medium) PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface<ul><li>Exploit Maturity: POC 🤔</li></ul></li><li><a href="https://security.paloaltonetworks.com/CVE-2025-0111"; target="_blank" rel="nofollow noopener">CVE-2025-0111</a> (7.1 high) PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface</li>
> Palo Alto Networks is not aware of any malicious exploitation of this issue.
My new concern is whether I should say #zeroday for CVE-2025-0110 and 0109. Based on the First criteria for Exploit Maturity:
> Based on threat intelligence sources each of the following must apply:<li>Proof-of-concept is publicly available</li><li>No knowledge of reported attempts to exploit this vulnerability</li><li>No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability</li>
#paloaltonetworks #infosec #vulnerability #cve #cybersecurity #poc #proofofconcept
Not Simon 🐐
npub14g…xznd6
2025-02-12 17:49:45 UTC
in reply to nevent1q…tzyv
Author Public Key
npub14g0mj0fmn0sepfuhp2wupyk7d8xyz7rezpmrx2gfsav9vxlwxypq4xznd6Seen on
wss://relay.momostr.pinkPublished at
2025-02-12 17:49:45 UTCEvent JSON
{
"id": "176c71f499a1f9471416d3251ff486036a13a979b114a505072e145839ef0a67",
"pubkey": "aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102",
"created_at": 1739382585,
"kind": 1,
"tags": [
[
"e",
"31fe37ea949b57016a89374d925f929ecde46d422c5a8766798f44cca5e9704a",
"",
"root",
"aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102"
],
[
"p",
"86b397086a130510861dd58f255fadeee1c47815185fa3bb628a06b4d6af31ac"
],
[
"proxy",
"https://infosec.exchange/@screaminggoat/113992177119940610",
"web"
],
[
"e",
"beeb7dc5e1af61ce4201c0b07b6ec17cf43c92d870e8d0ed200b0c94a66affc0",
"",
"reply",
"aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102"
],
[
"t",
"vulnerability"
],
[
"t",
"patchtuesday"
],
[
"t",
"zeroday"
],
[
"t",
"paloaltonetworks"
],
[
"t",
"cve"
],
[
"p",
"0d873008be129d8b236e47f16c6108d533d9b1d17059c8661e9841f633505bf5"
],
[
"t",
"poc"
],
[
"t",
"proofofconcept"
],
[
"t",
"infosec"
],
[
"p",
"aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102"
],
[
"t",
"cybersecurity"
],
[
"proxy",
"https://infosec.exchange/users/screaminggoat/statuses/113992177119940610",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/screaminggoat/statuses/113992177119940610",
"pink.momostr"
],
[
"-"
]
],
"content": "Happy #PatchTuesday from **Palo Alto Networks** (LIKELY ZERO-DAYS):\n(Note: PAN likes to downplay severity by showing the base + threat metrics CVSSv4 score. I listed base score only) \u003cli\u003e\u003ca href=\"https://security.paloaltonetworks.com/CVE-2025-0113\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCVE-2025-0113\u003c/a\u003e (CVSSv4.0: 7.6 high) Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.paloaltonetworks.com/CVE-2025-0112\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCVE-2025-0112\u003c/a\u003e (CVSSv4: 6.8 medium) Cortex XDR Agent: Local Windows User Can Disable the Agent\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.paloaltonetworks.com/CVE-2025-0110\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCVE-2025-0110\u003c/a\u003e (CVSSv4.0: 8.6 high) PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin\u003cul\u003e\u003cli\u003eExploit Maturity: POC 🤔\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.paloaltonetworks.com/PAN-SA-2025-0005\" target=\"_blank\" rel=\"nofollow noopener\"\u003ePAN-SA-2025-0005\u003c/a\u003e GlobalProtect Clientless VPN: Same-Origin Policy Does Not Apply When Using Clientless VPN\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.paloaltonetworks.com/PAN-SA-2025-0004\" target=\"_blank\" rel=\"nofollow noopener\"\u003ePAN-SA-2025-0004\u003c/a\u003e Chromium: Monthly Vulnerability Update (February 2025) (multiple CVEs)\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.paloaltonetworks.com/CVE-2025-0109\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCVE-2025-0109\u003c/a\u003e (CVSSv4: 6.9 medium) PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface\u003cul\u003e\u003cli\u003eExploit Maturity: POC 🤔\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.paloaltonetworks.com/CVE-2025-0111\" target=\"_blank\" rel=\"nofollow noopener\"\u003eCVE-2025-0111\u003c/a\u003e (7.1 high) PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface\u003c/li\u003e\n\n\u003e Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\nMy new concern is whether I should say #zeroday for CVE-2025-0110 and 0109. Based on the First criteria for Exploit Maturity:\n\n\u003e Based on threat intelligence sources each of the following must apply:\u003cli\u003eProof-of-concept is publicly available\u003c/li\u003e\u003cli\u003eNo knowledge of reported attempts to exploit this vulnerability\u003c/li\u003e\u003cli\u003eNo knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability\u003c/li\u003e\n\n#paloaltonetworks #infosec #vulnerability #cve #cybersecurity #poc #proofofconcept",
"sig": "5ae4a6009d368af21394bff0e3b119d64e8c180f89eb40f742c1c61869fa0ed537744d8473199f3e2bd097d1800759ebeab4153c42c26d9f035b9454eaa26b3e"
}