Vulnerabilities

[Palo Alto Networks Security Advisories] CVE-2025-0121 Cortex XDR Agent: Local Windows User Can Crash the Agent

April 9, 2025

Palo Alto Networks Security Advisories /CVE-2025-0121

CVE-2025-0121 Cortex XDR Agent: Local Windows User Can Crash the Agent

UrgencyMODERATE

Severity4.3 ·MEDIUM

Exploit MaturityUNREPORTED

Response EffortMODERATE

RecoveryUSER

Value DensityDIFFUSE

Attack ComplexityLOW

Attack RequirementsNONE

AutomatableNO

User InteractionNONE

Product ConfidentialityNONE

Product IntegrityNONE

Product AvailabilityHIGH

Privileges RequiredLOW

Subsequent ConfidentialityNONE

Subsequent IntegrityNONE

Subsequent AvailabilityNONE

CVE JSON CSAF

Published2025-04-09

Updated2025-04-09

ReferenceCPATR-26258

Discoveredexternally

Description

A null pointer dereference vulnerability in the Palo Alto Networks Cortex® XDR agent on Windows devices allows a low-privileged local Windows user to crash the agent. Additionally, malware can use this vulnerability to perform malicious activity without Cortex XDR being able to detect it.

Product Status

Versions	Affected	Unaffected
Cortex XDR Agent 8.7	None on Windows	All on Windows
Cortex XDR Agent 8.6	< 8.6.1 on Windows	>= 8.6.1 on Windows
Cortex XDR Agent 8.5	< 8.5.2 on Windows	>= 8.5.2 on Windows
Cortex XDR Agent 8.3-CE	< 8.3.101-CE HF on Windows	>= 8.3.101-CE HF on Windows
Cortex XDR Agent 7.9-CE	< 7.9.103-CE HF on Windows	>= 7.9.103-CE HF on Windows

Required Configuration for Exposure

No special configuration is needed to be affected by this issue.

Severity:MEDIUM, Suggested Urgency:MODERATE

CVSS-BT:4.3 /CVSS-B:6.8 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-476 NULL Pointer Dereference

CAPEC-578 Disable Security Software

Solution

This issue is fixed in Cortex XDR Agent 8.6.1, Cortex XDR Agent 8.5.2, Cortex XDR Agent 8.3.101-CE HF, Cortex XDR Agent 7.9.103-CE HF, and all later Cortex XDR Agent versions.

Workarounds and Mitigations

There are no known workarounds for this issue.

Acknowledgments

Palo Alto Networks thanks adcisseckilled for discovering and reporting the issue.

CPEs

cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.6.0:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.0:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.1:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3-CE:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.102-CE:-:*:*:*:*:*:*

Timeline

2025-04-09Initial Publication

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee

Patreon

To keep up to date follow us on the below channels.

Tags: CVE, OSINT, threatintel

Vulnerabilities

[Palo Alto Networks Security Advisories] CVE-2025-0121 Cortex XDR Agent: Local Windows User Can Crash the Agent

April 9, 2025

Palo Alto Networks Security Advisories /CVE-2025-0121

CVE-2025-0121 Cortex XDR Agent: Local Windows User Can Crash the Agent

UrgencyMODERATE

Severity4.3 ·MEDIUM

Exploit MaturityUNREPORTED

Response EffortMODERATE

RecoveryUSER

Value DensityDIFFUSE

Attack ComplexityLOW

Attack RequirementsNONE

AutomatableNO

User InteractionNONE

Product ConfidentialityNONE

Product IntegrityNONE

Product AvailabilityHIGH

Privileges RequiredLOW

Subsequent ConfidentialityNONE

Subsequent IntegrityNONE

Subsequent AvailabilityNONE

CVE JSON CSAF

Published2025-04-09

Updated2025-04-09

ReferenceCPATR-26258

Discoveredexternally

Description

Product Status

Versions	Affected	Unaffected
Cortex XDR Agent 8.7	None on Windows	All on Windows
Cortex XDR Agent 8.6	< 8.6.1 on Windows	>= 8.6.1 on Windows
Cortex XDR Agent 8.5	< 8.5.2 on Windows	>= 8.5.2 on Windows
Cortex XDR Agent 8.3-CE	< 8.3.101-CE HF on Windows	>= 8.3.101-CE HF on Windows
Cortex XDR Agent 7.9-CE	< 7.9.103-CE HF on Windows	>= 7.9.103-CE HF on Windows

Required Configuration for Exposure

No special configuration is needed to be affected by this issue.

Severity:MEDIUM, Suggested Urgency:MODERATE

CVSS-BT:4.3 /CVSS-B:6.8 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type and Impact

CWE-476 NULL Pointer Dereference

CAPEC-578 Disable Security Software

Solution

This issue is fixed in Cortex XDR Agent 8.6.1, Cortex XDR Agent 8.5.2, Cortex XDR Agent 8.3.101-CE HF, Cortex XDR Agent 7.9.103-CE HF, and all later Cortex XDR Agent versions.

Workarounds and Mitigations

There are no known workarounds for this issue.

Acknowledgments

Palo Alto Networks thanks adcisseckilled for discovering and reporting the issue.

CPEs

cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.6.0:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.0:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.5.1:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:8.3-CE:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9-CE:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.101-CE:-:*:*:*:*:*:*

cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:7.9.102-CE:-:*:*:*:*:*:*

Timeline

2025-04-09Initial Publication

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee

Patreon

To keep up to date follow us on the below channels.

Tags: CVE, OSINT, threatintel

[Palo Alto Networks Security Advisories] CVE-2025-0121 Cortex XDR Agent: Local Windows User Can Crash the Agent

CVE-2025-0121 Cortex XDR Agent: Local Windows User Can Crash the Agent

Description

Product Status

Required Configuration for Exposure

Severity:MEDIUM, Suggested Urgency:MODERATE

Exploitation Status

Weakness Type and Impact

Solution

Workarounds and Mitigations

Acknowledgments

CPEs

Timeline

[Palo Alto Networks Security Advisories] CVE-2025-0121 Cortex XDR Agent: Local Windows User Can Crash the Agent

CVE-2025-0121 Cortex XDR Agent: Local Windows User Can Crash the Agent

Description

Product Status

Required Configuration for Exposure

Severity:MEDIUM, Suggested Urgency:MODERATE

Exploitation Status

Weakness Type and Impact

Solution

Workarounds and Mitigations

Acknowledgments

CPEs

Timeline

Erlang/OTP Remote Code Execution Vulnerability

CVE Alert: CVE-2024-53569

CVE Alert: CVE-2025-43952

CVE Alert: CVE-2025-43947

CVE Alert: CVE-2025-43948

CVE-2025-0121 Cortex XDR Agent: Local Windows User Can Crash the Agent

Description

Product Status

Required Configuration for Exposure

Severity:MEDIUM, Suggested Urgency:MODERATE

Exploitation Status

Weakness Type and Impact

Solution

Workarounds and Mitigations

Acknowledgments

CPEs

Timeline

CVE-2025-0121 Cortex XDR Agent: Local Windows User Can Crash the Agent

Description

Product Status

Required Configuration for Exposure

Severity:MEDIUM, Suggested Urgency:MODERATE

Exploitation Status

Weakness Type and Impact

Solution

Workarounds and Mitigations

Acknowledgments

CPEs

Timeline

You may have missed

Erlang/OTP Remote Code Execution Vulnerability

CVE Alert: CVE-2024-53569

CVE Alert: CVE-2025-43952

CVE Alert: CVE-2025-43947

CVE Alert: CVE-2025-43948