CVE-2025-4234
BaseFortify
Publication date: 2025-09-12
Last updated on: 2025-09-15
Assigner: Palo Alto Networks, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| palo_alto_networks | cortex_xdr_microsoft_365_defender_pack | 4.6.1 |
| palo_alto_networks | cortex_xdr_microsoft_365_defender_pack | 4.6.2 |
| palo_alto_networks | cortex_xdr_microsoft_365_defender_pack | 4.6.3 |
| palo_alto_networks | cortex_xdr_microsoft_365_defender_pack | 4.6.4 |
| palo_alto_networks | cortex_xdr_microsoft_365_defender_pack | 4.6.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack causes user credentials to be exposed in application logs. These logs, which are normally only accessible to local users and used for troubleshooting, can inadvertently reveal sensitive credential information to anyone who receives the logs.
How can this vulnerability impact me? :
The exposure of user credentials in application logs can lead to unauthorized access if those logs are shared or accessed by unintended recipients. This could result in compromised user accounts and potential further security breaches within your environment.