CVE-2025-62785

CVSS v3.1

7.5

High

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Wazuh versions prior to 4.10.2

Description Wazuh, a platform for threat prevention, detection, and response, contains a flaw in the fillData() implementation. This implementation does not verify if a value is NULL before utilizing os strdup() on it. A malicious actor capable of crafting and sending a specific message to the Wazuh manager can induce a crash of the analysisd component, rendering it unavailable. This could potentially disrupt threat detection and response capabilities.

Recommendations Update to version 4.10.2 or later.

Fix

NULL Pointer Dereference

Unchecked Return Value

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-252

Related Identifiers

BDU:2025-14483

CVE-2025-62785

GHSA-MQPQ-PCXC-8259

Affected Products

Wazuh

CVE-2025-62785

Weakness Enumeration

Related Identifiers

Affected Products

References · 10