Description

An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent (Windows-based) can expose the service account password under specific non-default configurations. This allows an unprivileged Domain User to escalate privileges by exploiting the account’s permissions. The impact varies by configuration: * Minimally Privileged Accounts: Enable disruption of User-ID Credential Agent operations (e.g., uninstalling or disabling the agent service), weakening network security policies that leverage Credential Phishing Prevention https://docs.paloaltonetworks.com/advanced-url-filtering/administration/url-filtering-features/credential-phishing-prevention under a Domain Credential Filter https://docs.paloaltonetworks.com/advanced-url-filtering/administration/url-filtering-features/credential-phishing-prevention/methods-to-check-for-corporate-credential-submissions configuration. * Elevated Accounts (Server Operator, Domain Join, Legacy Features): Permit increased impacts, including server control (e.g., shutdown/restart), domain manipulation (e.g., rogue computer objects), and network compromise via reconnaissance or client probing.

INFO

Published Date :

2025-09-12T17:16:53.868Z

Last Modified :

2026-02-26T17:48:38.530Z

Source :

palo_alto
AFFECTED PRODUCTS

The following products are affected by CVE-2025-4235 vulnerability.

Vendors Products
Microsoft
  • Windows
Palo Alto
  • Networks
Paloaltonetworks
  • User-id Credential Agent
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-4235.

URL Resource
https://security.paloaltonetworks.com/CVE-2025-4235 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability