CVE-2025-64169

Medium CVSS: 5.1

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 3.7.0 to before 4.12.0, fim_alert() implementation does not check whether oldsum->md5 is NULL or not before dereferencing it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. This issue has been patched in version 4.12.0.

Vendor

Wazuh

Product

Wazuh

CWE

CWE-252

Yayın Tarihi

2025-11-21 19:16:02

Güncelleme

2025-12-02 16:28:06

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-252 Wazuh MEDIUM Wazuh 2025

Referanslar

https://github.com/wazuh/wazuh/security/advisories/GHSA-hc35-h924-8596

Benzer Kayıtlar

High

CVE-2025-15617

Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to ex…

Medium

CVE-2025-15615

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-i…

High

CVE-2025-15616

Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search pa…

Medium

CVE-2026-32983

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-i…

Medium

CVE-2026-32984

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed…

Medium

CVE-2023-7340

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed…