Search criteria
2 vulnerabilities found for Cortex XDR Microsoft 365 Defender Pack by Palo Alto Networks
CVE-2025-4234 (GCVE-0-2025-4234)
Vulnerability from nvd – Published: 2025-09-12 17:18 – Updated: 2025-09-13 03:55
VLAI?
Title
Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of Credentials
Summary
A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs.
Severity ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Microsoft 365 Defender Pack |
Affected:
4.6.0 , < 11.0.2-133
(custom)
|
Credits
RC
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-13T03:55:39.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Microsoft 365 Defender Pack",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "4.6.5",
"status": "unaffected"
}
],
"lessThan": "11.0.2-133",
"status": "affected",
"version": "4.6.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Microsoft 365 Defender Pack must be enabled.\u0026nbsp;"
}
],
"value": "The Microsoft 365 Defender Pack must be enabled."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "RC"
}
],
"datePublic": "2025-09-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs."
}
],
"value": "A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Credentials"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2.4,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T17:18:11.618Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-4234"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n \u003ctd\u003eCortex XDR Microsoft 365 Defender Pack 4.6 on Windows\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e4.6.0 through 4.6.4\u003c/td\u003e\n \u003ctd\u003eUpgrade to 4.6.5 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003eRotate any Client Secrets for Azure Applications that attempted connection with the Microsoft 365 Defender Pack.\u0026nbsp;"
}
],
"value": "Version\nMinor Version\nSuggested Solution\n\n Cortex XDR Microsoft 365 Defender Pack 4.6 on Windows\n\n 4.6.0 through 4.6.4\n Upgrade to 4.6.5 or later.\n \nRotate any Client Secrets for Azure Applications that attempted connection with the Microsoft 365 Defender Pack."
}
],
"source": {
"defect": [
"CRTX-178569"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-09-10T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of Credentials",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known workarounds exist for this issue."
}
],
"value": "No known workarounds exist for this issue."
}
],
"x_affectedList": [
"Cortex XDR Microsoft 365 Defender Pack 4.6.0",
"Cortex XDR Microsoft 365 Defender Pack 4.6.1",
"Cortex XDR Microsoft 365 Defender Pack 4.6.2",
"Cortex XDR Microsoft 365 Defender Pack 4.6.3",
"Cortex XDR Microsoft 365 Defender Pack 4.6.4"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2025-4234",
"datePublished": "2025-09-12T17:18:11.618Z",
"dateReserved": "2025-05-02T19:10:49.753Z",
"dateUpdated": "2025-09-13T03:55:39.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4234 (GCVE-0-2025-4234)
Vulnerability from cvelistv5 – Published: 2025-09-12 17:18 – Updated: 2025-09-13 03:55
VLAI?
Title
Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of Credentials
Summary
A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs.
Severity ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Palo Alto Networks | Cortex XDR Microsoft 365 Defender Pack |
Affected:
4.6.0 , < 11.0.2-133
(custom)
|
Credits
RC
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-13T03:55:39.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Cortex XDR Microsoft 365 Defender Pack",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "4.6.5",
"status": "unaffected"
}
],
"lessThan": "11.0.2-133",
"status": "affected",
"version": "4.6.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Microsoft 365 Defender Pack must be enabled.\u0026nbsp;"
}
],
"value": "The Microsoft 365 Defender Pack must be enabled."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "RC"
}
],
"datePublic": "2025-09-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs."
}
],
"value": "A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21 Exploitation of Trusted Credentials"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2.4,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T17:18:11.618Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-4234"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\n \u003ctd\u003eCortex XDR Microsoft 365 Defender Pack 4.6 on Windows\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e4.6.0 through 4.6.4\u003c/td\u003e\n \u003ctd\u003eUpgrade to 4.6.5 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003eRotate any Client Secrets for Azure Applications that attempted connection with the Microsoft 365 Defender Pack.\u0026nbsp;"
}
],
"value": "Version\nMinor Version\nSuggested Solution\n\n Cortex XDR Microsoft 365 Defender Pack 4.6 on Windows\n\n 4.6.0 through 4.6.4\n Upgrade to 4.6.5 or later.\n \nRotate any Client Secrets for Azure Applications that attempted connection with the Microsoft 365 Defender Pack."
}
],
"source": {
"defect": [
"CRTX-178569"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-09-10T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of Credentials",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known workarounds exist for this issue."
}
],
"value": "No known workarounds exist for this issue."
}
],
"x_affectedList": [
"Cortex XDR Microsoft 365 Defender Pack 4.6.0",
"Cortex XDR Microsoft 365 Defender Pack 4.6.1",
"Cortex XDR Microsoft 365 Defender Pack 4.6.2",
"Cortex XDR Microsoft 365 Defender Pack 4.6.3",
"Cortex XDR Microsoft 365 Defender Pack 4.6.4"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2025-4234",
"datePublished": "2025-09-12T17:18:11.618Z",
"dateReserved": "2025-05-02T19:10:49.753Z",
"dateUpdated": "2025-09-13T03:55:39.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}