CVE-2025-24016

CRITICALCISA KEV

9.9

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary in DAPI request/response, they can forge an unhandled exception (`__unhandled_exc__`) to evaluate arbitrary python code. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. Version 4.9.1 contains a fix.

Details CVE

Score CVSS v3.19.9

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie2/10/2025

Derniere modification10/24/2025

Sourcekev

Observations honeypot0

CISA KEV

FournisseurWazuh

ProduitWazuh Server

Nom vulnerabiliteWazuh Server Deserialization of Untrusted Data Vulnerability

Date ajout KEV2025-06-10

Date limite remediation2025-07-01

Utilise dans ransomwareUnknown

Produits affectes

wazuh:wazuh

Faiblesses (CWE)

CWE-502

References

https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh(security-advisories@github.com)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24016(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.