What is the severity of CVE-2025-0112?

CVE-2025-0112 has a moderate severity level due to the potential for exploitation by malware to disable security features.

How do I fix CVE-2025-0112?

To fix CVE-2025-0112, update the Palo Alto Networks Cortex XDR agent to version 8.5.1 or higher.

Who is impacted by CVE-2025-0112?

CVE-2025-0112 impacts users of the Palo Alto Networks Cortex XDR Agent on Windows devices.

Can non-administrative Windows users exploit CVE-2025-0112?

Yes, non-administrative Windows users can exploit CVE-2025-0112 to disable the Cortex XDR agent.

What types of devices are affected by CVE-2025-0112?

CVE-2025-0112 affects Windows devices running the vulnerable versions of Palo Alto Networks Cortex XDR Agent.

Vulnerability/
CVE-2025-0112

medium

6.8

CWE

754

12/2/2025

19/2/2025

20/2/2025

CVE-2025-0112: Cortex XDR Agent: Local Windows User Can Disable the Agent (Severity: MEDIUM)

First published: Wed Feb 12 2025(Updated: )

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This vulnerability can also be leveraged by malware to disable the Cortex XDR agent and then perform malicious activity.

Credit: psirt@paloaltonetworks.com

Affected Software	Affected Version	How to fix
All of
Palo Alto Networks Cortex XDR Agent	<8.3.101-CE=8.3-CE=8.4.0<8.5.1=8.5.0	8.3.101-CE 8.5.1
Microsoft Windows	*

Remedy

There are no known workarounds or mitigations for this issue.

Remedy

This issue is fixed in Cortex XDR agent 8.3.101-CE, Cortex XDR agent 8.5.1, Cortex XDR agent 8.6 and all later Cortex XDR agent versions.

Never miss a vulnerability like this again

Reference Links

https://security.paloaltonetworks.com/CVE-2025-0112

Frequently Asked Questions

What is the severity of CVE-2025-0112?
CVE-2025-0112 has a moderate severity level due to the potential for exploitation by malware to disable security features.
How do I fix CVE-2025-0112?
To fix CVE-2025-0112, update the Palo Alto Networks Cortex XDR agent to version 8.5.1 or higher.
Who is impacted by CVE-2025-0112?
CVE-2025-0112 impacts users of the Palo Alto Networks Cortex XDR Agent on Windows devices.
Can non-administrative Windows users exploit CVE-2025-0112?
Yes, non-administrative Windows users can exploit CVE-2025-0112 to disable the Cortex XDR agent.
What types of devices are affected by CVE-2025-0112?
CVE-2025-0112 affects Windows devices running the vulnerable versions of Palo Alto Networks Cortex XDR Agent.

collector/paloaltonetworks-latest
source/Palo Alto Networks
agent/title
agent/references
agent/first-publish-date
agent/remedy
agent/weakness
agent/description
agent/softwarecombine
collector/nvd-api
source/NVD
agent/severity
agent/type
agent/author
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/event
collector/paloaltonetworks-api
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/palo alto networks
canonical/palo alto networks cortex xdr agent
version/palo alto networks cortex xdr agent/8.3-ce
version/palo alto networks cortex xdr agent/8.4.0
version/palo alto networks cortex xdr agent/8.5.0
vendor/microsoft
canonical/microsoft windows

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.