{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4234", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2025-05-02T19:10:49.753Z", "datePublished": "2025-09-12T17:18:11.618Z", "dateUpdated": "2025-09-13T03:55:39.594Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Cortex XDR Microsoft 365 Defender Pack", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "4.6.5", "status": "unaffected"}], "lessThan": "11.0.2-133", "status": "affected", "version": "4.6.0", "versionType": "custom"}]}], "configurations": [{"lang": "eng", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The Microsoft 365 Defender Pack must be enabled.&nbsp;"}], "value": "The Microsoft 365 Defender Pack must be enabled."}], "credits": [{"lang": "en", "type": "finder", "value": "RC"}], "datePublic": "2025-09-10T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs."}], "value": "A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Credentials"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 2.4, "baseSeverity": "LOW", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2025-09-12T17:18:11.618Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.paloaltonetworks.com/CVE-2025-4234"}], "solutions": [{"lang": "eng", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<table><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr>\n <td>Cortex XDR Microsoft 365 Defender Pack 4.6 on Windows<br></td>\n <td>4.6.0 through 4.6.4</td>\n <td>Upgrade to 4.6.5 or later.</td>\n </tr></tbody></table><br>Rotate any Client Secrets for Azure Applications that attempted connection with the Microsoft 365 Defender Pack.&nbsp;"}], "value": "Version\nMinor Version\nSuggested Solution\n\n Cortex XDR Microsoft 365 Defender Pack 4.6 on Windows\n\n 4.6.0 through 4.6.4\n Upgrade to 4.6.5 or later.\n \nRotate any Client Secrets for Azure Applications that attempted connection with the Microsoft 365 Defender Pack."}], "source": {"defect": ["CRTX-178569"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2025-09-10T16:00:00.000Z", "value": "Initial Publication"}], "title": "Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of Credentials", "workarounds": [{"lang": "eng", "supportingMedia": [{"base64": false, "type": "text/html", "value": "No known workarounds exist for this issue."}], "value": "No known workarounds exist for this issue."}], "x_affectedList": ["Cortex XDR Microsoft 365 Defender Pack 4.6.0", "Cortex XDR Microsoft 365 Defender Pack 4.6.1", "Cortex XDR Microsoft 365 Defender Pack 4.6.2", "Cortex XDR Microsoft 365 Defender Pack 4.6.3", "Cortex XDR Microsoft 365 Defender Pack 4.6.4"], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-12T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-4234"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-13T03:55:39.594Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4234", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-12T17:30:36.399629Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-12T17:30:40.714Z"}}], "cna": {"title": "Cortex XDR Microsoft 365 Defender Pack: Cleartext Exposure of Credentials", "source": {"defect": ["CRTX-178569"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "RC"}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Credentials"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 2.4, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cortex XDR Microsoft 365 Defender Pack", "versions": [{"status": "affected", "changes": [{"at": "4.6.5", "status": "unaffected"}], "version": "4.6.0", "lessThan": "11.0.2-133", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2025-09-10T16:00:00.000Z", "value": "Initial Publication"}], "solutions": [{"lang": "eng", "value": "Version\nMinor Version\nSuggested Solution\n\n Cortex XDR Microsoft 365 Defender Pack 4.6 on Windows\n\n 4.6.0 through 4.6.4\n Upgrade to 4.6.5 or later.\n \nRotate any Client Secrets for Azure Applications that attempted connection with the Microsoft 365 Defender Pack.", "supportingMedia": [{"type": "text/html", "value": "<table><thead><tr><th>Version<br></th><th>Minor Version<br></th><th>Suggested Solution<br></th></tr></thead><tbody><tr>\n <td>Cortex XDR Microsoft 365 Defender Pack 4.6 on Windows<br></td>\n <td>4.6.0 through 4.6.4</td>\n <td>Upgrade to 4.6.5 or later.</td>\n </tr></tbody></table><br>Rotate any Client Secrets for Azure Applications that attempted connection with the Microsoft 365 Defender Pack.&nbsp;", "base64": false}]}], "datePublic": "2025-09-10T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2025-4234", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "eng", "value": "No known workarounds exist for this issue.", "supportingMedia": [{"type": "text/html", "value": "No known workarounds exist for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs.", "supportingMedia": [{"type": "text/html", "value": "A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532: Insertion of Sensitive Information into Log File"}]}], "configurations": [{"lang": "eng", "value": "The Microsoft 365 Defender Pack must be enabled.", "supportingMedia": [{"type": "text/html", "value": "The Microsoft 365 Defender Pack must be enabled.&nbsp;", "base64": false}]}], "x_affectedList": ["Cortex XDR Microsoft 365 Defender Pack 4.6.0", "Cortex XDR Microsoft 365 Defender Pack 4.6.1", "Cortex XDR Microsoft 365 Defender Pack 4.6.2", "Cortex XDR Microsoft 365 Defender Pack 4.6.3", "Cortex XDR Microsoft 365 Defender Pack 4.6.4"], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2025-09-12T17:18:11.618Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4234", "state": "PUBLISHED", "dateUpdated": "2025-09-13T03:55:39.594Z", "dateReserved": "2025-05-02T19:10:49.753Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2025-09-12T17:18:11.618Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs."}], "id": "CVE-2025-4234", "lastModified": "2025-09-15T15:21:42.937", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2025-09-12T18:15:34.180", "references": [{"source": "psirt@paloaltonetworks.com", "url": "https://security.paloaltonetworks.com/CVE-2025-4234"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}

{}