CVE-2025-62787

CVSS v3.1

7.5

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Wazuh versions prior to 4.10.2

Description Wazuh, a platform for threat prevention, detection, and response, contains a flaw where a buffer over-read can occur in the

DecodeWinevt()

function. This happens when accessing

child attr[p]->attributes[j]

due to an incorrect index (

). A specially crafted message sent to the Wazuh manager by a compromised agent can trigger a read operation beyond the allocated buffer, potentially exposing sensitive information. The issue requires specific configuration options (

analysisd.debug=2

) to be in place for data leakage to occur.

Recommendations Update to version 4.10.2 or later.

Exploit

Fix

Buffer Over-read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-126

Related Identifiers

BDU:2025-14485

CVE-2025-62787

GHSA-3HHQ-5367-98Q6

Affected Products

Wazuh

CVE-2025-62787

Weakness Enumeration

Related Identifiers

Affected Products

References · 10