CVE-2025-4235— User-ID Credential Agent: Cleartext Exposure of Service Account password

User-ID Credential Agent: Cleartext Exposure of Service Account password

An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent (Windows-based) can expose the service account password under specific non-default configurations. This allows an unprivileged Domain User to escalate privileges by exploiting the account’s permissions. The impact varies by configuration: * Minimally Privileged Accounts: Enable disruption of User-ID Credential Agent operations (e.g., uninstalling or disabling the agent service), weakening network security policies that leverage Credential Phishing Prevention https://docs.paloaltonetworks.com/advanced-url-filtering/administration/url-filtering-features/credential-phishing-prevention under a Domain Credential Filter https://docs.paloaltonetworks.com/advanced-url-filtering/administration/url-filtering-features/credential-phishing-prevention/methods-to-check-for-corporate-credential-submissions configuration. * Elevated Accounts (Server Operator, Domain Join, Legacy Features): Permit increased impacts, including server control (e.g., shutdown/restart), domain manipulation (e.g., rogue computer objects), and network compromise via reconnaissance or client probing.

N/A

将系统数据暴露到未授权控制的范围

Palo Alto Networks User-ID Credential Agent 安全漏洞

Palo Alto Networks User-ID Credential Agent是美国派拓网络（Palo Alto Networks）公司的一个具有收集用户身份与IP地址的对应关系功能的组件。 Palo Alto Networks User-ID Credential Agent存在安全漏洞，该漏洞源于特定非默认配置下可能暴露服务账户密码，可能导致权限提升。

N/A

N/A