Analysis Summary

CVE-2025-4228 CVSS:4.6

An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex XDR Broker VM allows an authenticated administrative user to execute certain files available within the Broker VM and escalate their privileges to root.

CVE-2025-4229 CVSS:6

An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall.

CVE-2025-4230 CVSS:8.4

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI.

CVE-2025-4232 CVSS:8.5

An improper neutralization of wildcard vulnerability in the log collection feature of Palo Alto Networks GlobalProtect app on macOS allows a non-administrative user to escalate their privileges to root.

CVE-2025-4233 CVSS:5.1

An insufficient implementation of cache vulnerability in Palo Alto Networks Prisma Access Browser enables users to bypass certain data control policies.

Impact

• Information Disclosure
• Privilege Escalation
• Security Bypass

Indicators of Compromise

CVE

• CVE-2025-4233

• CVE-2025-4232

• CVE-2025-4230

• CVE-2025-4228

• CVE-2025-4229

Affected Vendors

Remediation

Refer to Palo Alto Networks Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-4228

CVE-2025-4229

CVE-2025-4230

CVE-2025-4232

CVE-2025-4233