
CVE-2025-24016

CRITICAL | CISA KEV
9.9

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary into a DAPI request/response, they can forge an unhandled exception (`__unhandled_exc__`) to evaluate arbitrary Python code. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. Version 4.9.1 contains a fix.

CVE Details

CVSS v3.1 score: 9.9
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 2/10/2025
Last modified: 10/24/2025
Source: kev
Honeypot sightings: 0

CISA KEV

Vendor: Wazuh
Product: Wazuh Server
Vulnerability name: Wazuh Server Deserialization of Untrusted Data Vulnerability
KEV date added: 2025-06-10
Remediation due date: 2025-07-01
Ransomware use: Unknown

Affected products

wazuh:wazuh

Weaknesses (CWE)

CWE-502

IOC correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.