PT-2025-44313 · Wazuh · Wazuh

Published: 2025-01-23 · Updated: 2025-10-29 · CVE-2025-62785

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Wazuh versions prior to 4.10.2

Description

Wazuh, a platform for threat prevention, detection, and response, contains a flaw in the fillData() implementation: it does not check whether a value is NULL before calling os_strdup() on it. A malicious actor able to craft and send a specific message to the Wazuh manager can crash the analysisd component, rendering it unavailable. This could disrupt threat detection and response capabilities.

Recommendations

Update to version 4.10.2 or later.
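
The flaw class described above, as an added example that is not Wazuh's code: a hypothetical field-filling routine shown first without and then with the NULL check. The names event_t, dup_str and the two fill_data_* functions are illustrative assumptions, and the inputs in main() are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical event record; not Wazuh's own event structure. */
typedef struct { char *srcip; char *user; } event_t;

/* Stand-in for strdup(): like strdup(), it dereferences s, so s == NULL crashes. */
static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy != NULL) memcpy(copy, s, n);
    return copy;
}

/* Flawed pattern from the description: value is copied without a NULL check. */
int fill_data_unchecked(event_t *ev, const char *key, const char *value) {
    if (strcmp(key, "srcip") == 0) { free(ev->srcip); ev->srcip = dup_str(value); }
    else if (strcmp(key, "user") == 0) { free(ev->user); ev->user = dup_str(value); }
    else return -1;
    return 0;
}

/* Hardened form: reject missing keys or values and report allocation failure. */
int fill_data_checked(event_t *ev, const char *key, const char *value) {
    char **slot;
    if (ev == NULL || key == NULL || value == NULL) return -1; /* the missing check */
    if (strcmp(key, "srcip") == 0) slot = &ev->srcip;
    else if (strcmp(key, "user") == 0) slot = &ev->user;
    else return -1;
    char *copy = dup_str(value);
    if (copy == NULL) return -1;  /* do not store an unchecked allocation result */
    free(*slot);                  /* replace the old value only after success */
    *slot = copy;
    return 0;
}

int main(void) {
    event_t ev = {0};
    /* Constructed inputs: a field with a value, then the same field with no value. */
    printf("valid field:   %d\n", fill_data_checked(&ev, "srcip", "192.0.2.10"));
    printf("missing value: %d\n", fill_data_checked(&ev, "srcip", NULL));
    printf("srcip kept:    %s\n", ev.srcip);
    free(ev.srcip);
    return 0;
}
```

In the hardened form a field with no value is dropped and the previously stored value stays intact, so one malformed field does not take the whole process down.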

Exploit

Fix

Weakness Enumeration

Unchecked Return Value
NULL Pointer Dereference

Related identifiers

BDU:2025-14483
CVE-2025-62785
GHSA-MQPQ-PCXC-8259

Affected products

Wazuh