CVE-2025-62785

CVSS v3.1

7.5

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Wazuh versions prior to 4.10.2

Description Wazuh, a platform for threat prevention, detection, and response, contains a flaw in the

fillData()

implementation. This implementation does not verify if a value is NULL before utilizing

os strdup()

on it. A malicious actor capable of crafting and sending a specific message to the Wazuh manager can induce a crash of the

analysisd

component, rendering it unavailable. This could potentially disrupt threat detection and response capabilities.

Recommendations Update to version 4.10.2 or later.

Fix

NULL Pointer Dereference

Unchecked Return Value

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

BDU:2025-14483

CVE-2025-62785

GHSA-MQPQ-PCXC-8259

Wazuh