Thursday 13th February 2025
Summary
Overnight Palo Alto Networks released an update to patch a vulnerability in the Cortex XDR agent on Windows.
CVE-2025-0112 (CVSS v3.1: 4.3) is caused by an improper check for unexpected conditions, and can allow a basic user or attacker to disable the XDR agent and then perform activities without sufficient safeguards.
Affected Products
| Versions | Affected | Unaffected |
|---|---|---|
| Cortex XDR Agent 8.6 | None on Windows | All on Windows |
| Cortex XDR Agent 8.5 | < 8.5.1 on Windows | >= 8.5.1 on Windows |
| Cortex XDR Agent 8.4 | All on Windows * | None on Windows * |
| Cortex XDR Agent 8.3-CE | < 8.3.101-CE on Windows | >= 8.3.101-CE on Windows |
Recommendations
Spotit recommends that XDR administrators enable auto-upgrade on all agents and ensure there are no affected versions installed, especially in critical environments.