
CVE-2025-24016 – Remote code execution in Wazuh server
https://notcve.org/view.php?id=CVE-2025-24016
10 Feb 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary in a DAPI request/response, they can forge an unhandled exception (`__unhandl... • https://packetstorm.news/files/id/189286 • CWE-502: Deserialization of Untrusted Data •

CVE-2024-35177 – Improper Access Control in wazuh-agent
https://notcve.org/view.php?id=CVE-2024-35177
03 Feb 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by placing one of the many DLLs that are loaded and not present on the system in the... • https://github.com/wazuh/wazuh/security/advisories/GHSA-pmr2-2r83-h3cv • CWE-284: Improper Access Control •

CVE-2024-47770 – Ability to view Agent list with no privilege access in wazuh-dashboard
https://notcve.org/view.php?id=CVE-2024-47770
03 Feb 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, which allows an attacker to escalate privileges. In this case the attacker is able to view the agent list on the Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to... • https://github.com/wazuh/wazuh/security/advisories/GHSA-648q-8m78-5cwv • CWE-269: Improper Privilege Management •

CVE-2024-32038 – Wazuh Analysis Engine Event Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-32038
19 Apr 2024 — Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Manager 4.7.2. • https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327 • CWE-122: Heap-based Buffer Overflow •

CVE-2023-50260 – Wazuh's vulnerability in host_deny AR script allows arbitrary command execution
https://notcve.org/view.php?id=CVE-2023-50260
19 Apr 2024 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Incorrect validation in the `host_deny` script allows any string to be written to the `hosts.deny` file, which can result in arbitrary command execution on the target system. This vulnerability is part of the active response feature, which can automatically trigger actions in response to alerts. By default, active responses are limited to a set of predefined executables. This is enforced by only allowing executables sto... • https://github.com/wazuh/wazuh/security/advisories/GHSA-mjq2-xf8g-68vw • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-49275 – Wazuh vulnerable to NULL Pointer Dereference in wazuh-analysisd
https://notcve.org/view.php?id=CVE-2023-49275
19 Apr 2024 — Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when `analysisd` receives a syscollector message with the `hotfix` `msg_type` but lacking a `timestamp`. It uses `cJSON_GetObjectItem()` to get the `timestamp` object item and dereferences it without checking for a `NULL` value. A malicious client can DoS the analysis ... • https://github.com/wazuh/wazuh/blob/e1d5231b31b68a75f3b8b33f833155b362411078/src/analysisd/decoders/syscollector.c#L1573 • CWE-476: NULL Pointer Dereference •

CVE-2023-42463 – wazuh-logcollector integer underflow local privilege escalation
https://notcve.org/view.php?id=CVE-2023-42463
12 Jan 2024 — Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3. • https://github.com/wazuh/wazuh/security/advisories/GHSA-27p5-32pp-r58r • CWE-121: Stack-based Buffer Overflow •

CVE-2022-40497
https://notcve.org/view.php?id=CVE-2022-40497
27 Sep 2022 — Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. • https://github.com/wazuh/wazuh/pull/14801 •

CVE-2021-44079
https://notcve.org/view.php?id=CVE-2021-44079
22 Nov 2021 — In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. • https://github.com/wazuh/wazuh/issues/10858 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2021-41821
https://notcve.org/view.php?id=CVE-2021-41821
29 Sep 2021 — Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager. • https://documentation.wazuh.com/current/release-notes/release_4_2_0.html • CWE-191: Integer Underflow (Wrap or Wraparound) •