CVE-2025-54866

Low CVSS: 1.8

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.3.0 to before 4.13.0, a missing ACL on "C:\Program Files (x86)\ossec-agent\authd.pass" exposes the password to all "Authenticated Users" on the local machine. This issue has been patched in version 4.13.0.

Vendor

Wazuh

Product

Wazuh

CWE

CWE-276

Yayın Tarihi

2025-11-21 19:15:54

Güncelleme

2025-12-02 16:39:30

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-276 Wazuh LOW Wazuh 2025

Referanslar

https://github.com/wazuh/wazuh/commit/606f19e688944ebe5d28d72eb81ac36f8fffb143 https://github.com/wazuh/wazuh/pull/31187 https://github.com/wazuh/wazuh/releases/tag/v4.13.0 https://github.com/wazuh/wazuh/security/advisories/GHSA-mvfx-ph7m-qm37

Benzer Kayıtlar

High

CVE-2025-15617

Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to ex…

Medium

CVE-2025-15615

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-i…

High

CVE-2025-15616

Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search pa…

Medium

CVE-2026-32983

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-i…

Medium

CVE-2026-32984

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed…

Medium

CVE-2023-7340

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed…