PT-2025-44314 · Wazuh · Wazuh

Published 2025-01-23 · Updated 2025-11-01 · CVE-2025-62786

CVSS v3.1: 8.1 High (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions

Wazuh versions prior to 4.10.2

Description

Wazuh, a free and open source platform for threat prevention, detection, and response, contains a heap-based out-of-bounds write in the decode_win_permissions function. The flaw writes a NULL byte 2 bytes before the start of the buffer allocated to decoded_it. A compromised agent, or any attacker who can craft and send an agent message to the Wazuh manager, may be able to achieve remote code execution on the manager by sending a specially crafted message. Exploitability depends on the specifics of the heap allocator.

Recommendations

Update to Wazuh version 4.10.2 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-14484
CVE-2025-62786
GHSA-2C8R-P6R5-XXMR

Affected Products

Wazuh