CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-62792 – Wazuh vulnerable to Heap-based Buffer Over-read in w_expression_match
https://notcve.org/view.php?id=CVE-2025-62792
29 Oct 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match() when strlen() is called on str_test, because the corresponding buffer is not being properly NULL terminated during its allocation in OS_CleanMSG(). A compromised agent can cause a READ operation beyond the end of the allocated buffer (which may contain sensitive information) by sending a specially crafted message to the wazuh manager. An attacker wh... • https://github.com/wazuh/wazuh/security/advisories/GHSA-2672-vfhm-xhr6 • CWE-126: Buffer Over-read CWE-170: Improper Null Termination •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-62791 – Wazuh vulnerable to NULL pointer dereference in DecodeCiscat
https://notcve.org/view.php?id=CVE-2025-62791
29 Oct 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, DecodeCiscat() implementation does not check the return the value of cJSON_GetObjectItem() for a possible NULL value in case of an error. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerabilit... • https://github.com/wazuh/wazuh/security/advisories/GHSA-gcwf-6p6m-gvm7 • CWE-252: Unchecked Return Value CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-62790 – Wazuh vulnerable to NULL pointer dereference in fim_fetch_attributes_state
https://notcve.org/view.php?id=CVE-2025-62790
29 Oct 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_fetch_attributes_state() implementation does not check whether time_string is NULL or not before calling strlen() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in... • https://github.com/wazuh/wazuh/security/advisories/GHSA-9xj3-vc52-48p9 • CWE-252: Unchecked Return Value CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-62789 – Wazuh vulnerable to NULL pointer dereference in fim_alert line 712
https://notcve.org/view.php?id=CVE-2025-62789
29 Oct 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_alert() implementation does not check whether the return value of ctime_r is NULL or not before calling strdup() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in ... • https://github.com/wazuh/wazuh/security/advisories/GHSA-8rvq-mm2f-8q22 • CWE-252: Unchecked Return Value CWE-476: NULL Pointer Dereference •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-62788 – Wazuh Vulnerable to Heap Use After Free in w_copy_event_for_log
https://notcve.org/view.php?id=CVE-2025-62788
29 Oct 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, w_copy_event_for_log() references memory (initially allocated in OS_CleanMSG()) after it has been freed. A compromised agent can potentially compromise the integrity of the application by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can leverage this issue to potentially compromise the integrity of the appl... • https://github.com/wazuh/wazuh/security/advisories/GHSA-qjcw-fjvh-8q4g • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-62787 – Wazuh Vulnerable to Heap-based Buffer Over-read in DecodeWinevt
https://notcve.org/view.php?id=CVE-2025-62787
29 Oct 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.10.2, a buffer over-read occurs in DecodeWinevt() when child_attr[p]->attributes[j] is accessed, because the corresponding index (j) is incorrect. A compromised agent can cause a READ operation beyond the end of the allocated buffer (which may contain sensitive information) by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh... • https://github.com/wazuh/wazuh/commit/267d5d55de490469a9ec24a2b936bb3c5aa8fdda • CWE-126: Buffer Over-read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-62786 – Wazuh Vulnerable to Heap-based Buffer Out-Of-Bounds WRITE in decode_win_permissions
https://notcve.org/view.php?id=CVE-2025-62786
29 Oct 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. A heap-based out-of-bounds WRITE occurs in decode_win_permissions, resulting in writing a NULL byte 2 bytes before the start of the buffer allocated to decoded_it. A compromised agent can potentially leverage this issue to perform remote code execution, by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can leverage this issue... • https://github.com/wazuh/wazuh/commit/2257d7998aaff34263169d16f4afc491564a771c • CWE-124: Buffer Underwrite ('Buffer Underflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-62785 – Wazuh fillData NULL pointer dereference causes analysisd crash
https://notcve.org/view.php?id=CVE-2025-62785
29 Oct 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. fillData() implementation does not check whether value is NULL or not before calling os_strdup() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.10.2. • https://github.com/wazuh/wazuh/commit/17f8dc23a6211cbb398a262fcd1b0fe61b0a8eb6 • CWE-252: Unchecked Return Value CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-34294 – Wazuh File Integrity Monitoring (FIM) & Active Response Arbitrary File Deletion as SYSTEM
https://notcve.org/view.php?id=CVE-2025-34294
28 Oct 2025 — Wazuh's File Integrity Monitoring (FIM), when configured with automatic threat removal, contains a time-of-check/time-of-use (TOCTOU) race condition that can allow a local, low-privileged attacker to cause the Wazuh service (running as NT AUTHORITY\SYSTEM) to delete attacker-controlled files or paths. The root cause is insufficient synchronization and lack of robust final-path validation in the threat-removal workflow: the agent records an active-response action and proceeds to perform deletion without guar... • https://documentation.wazuh.com/current/user-manual/capabilities/active-response/index.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-59938 – Heap buffer overflow in wazuh-analysisd
https://notcve.org/view.php?id=CVE-2025-59938
27 Sep 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions starting from 3.8.0 to before 4.11.0, wazuh-analysisd is vulnerable to a heap buffer overflow when parsing XML elements from Windows EventChannel messages. This issue has been patched in version 4.11.0. • https://github.com/wazuh/wazuh/security/advisories/GHSA-vw3r-mjg3-9hh2 • CWE-122: Heap-based Buffer Overflow •