CVE-2025-59938

Medium CVSS: 6.5

Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions starting from 3.8.0 to before 4.11.0, wazuh-analysisd is vulnerable to a heap buffer overflow when parsing XML elements from Windows EventChannel messages. This issue has been patched in version 4.11.0.

Vendor

Wazuh

Product

Wazuh

CWE

CWE-122

Yayın Tarihi

2025-09-27 01:15:43

Güncelleme

2025-10-16 17:33:38

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-122 Wazuh MEDIUM Wazuh 2025

Referanslar

https://github.com/wazuh/wazuh/security/advisories/GHSA-vw3r-mjg3-9hh2

Benzer Kayıtlar

High

CVE-2025-15617

Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to ex…

Medium

CVE-2025-15615

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-i…

High

CVE-2025-15616

Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search pa…

Medium

CVE-2026-32983

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-i…

Medium

CVE-2026-32984

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed…

Medium

CVE-2023-7340

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed…