CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 6CVE-2025-24016 – Remote code execution in Wazuh server
https://notcve.org/view.php?id=CVE-2025-24016
10 Feb 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary in DAPI request/response, they can forge an unhandled exception (`__unhandl... • https://packetstorm.news/files/id/189286 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35177 – Improper Access Control in wazuh-agent
https://notcve.org/view.php?id=CVE-2024-35177
03 Feb 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by placing one of the many DLL that are loaded and not present on the system in the... • https://github.com/wazuh/wazuh/security/advisories/GHSA-pmr2-2r83-h3cv • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47770 – Ability to view Agent list with no privilege access in wazuh-dashboard
https://notcve.org/view.php?id=CVE-2024-47770
03 Feb 2025 — Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, that allows an attacker to do privilege escalation. In this case the attacker is able to view agent list on Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to... • https://github.com/wazuh/wazuh/security/advisories/GHSA-648q-8m78-5cwv • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32038 – Wazuh Analysis Engine Event Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-32038
19 Apr 2024 — Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Manager 4.7.2. Wazuh es una plataforma gratuita y de código abierto que se utiliza para la prevención, detección y respuesta a amenazas. • https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50260 – Wazuh's vulnerability in host_deny AR script allows arbitrary command execution
https://notcve.org/view.php?id=CVE-2023-50260
19 Apr 2024 — Wazuh is a free and open source platform used for threat prevention, detection, and response. A wrong validation in the `host_deny` script allows to write any string in the `hosts.deny` file, which can end in an arbitrary command execution on the target system. This vulnerability is part of the active response feature, which can automatically triggers actions in response to alerts. By default, active responses are limited to a set of pre defined executables. This is enforced by only allowing executables sto... • https://github.com/wazuh/wazuh/security/advisories/GHSA-mjq2-xf8g-68vw • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49275 – Wazuh vulnerable to NULL Pointer Dereference in wazuh-analysisd
https://notcve.org/view.php?id=CVE-2023-49275
19 Apr 2024 — Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when `analysisd` receives a syscollector message with the `hotfix` `msg_type` but lacking a `timestamp`. It uses `cJSON_GetObjectItem()` to get the `timestamp` object item and dereferences it without checking for a `NULL` value. A malicious client can DoS the analysis ... • https://github.com/wazuh/wazuh/blob/e1d5231b31b68a75f3b8b33f833155b362411078/src/analysisd/decoders/syscollector.c#L1573 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42463 – wazuh-logcollector integer underflow local privilege escalation
https://notcve.org/view.php?id=CVE-2023-42463
12 Jan 2024 — Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3. Wazuh es una plataforma gratuita y de código abierto que se utiliza para la prevención, detección y respuesta a amenazas. Este error introdujo peligro por desbordamiento de pila que podría permitir una escalada de privilegios locales. • https://github.com/wazuh/wazuh/security/advisories/GHSA-27p5-32pp-r58r • CWE-121: Stack-based Buffer Overflow •