CVE-2025-62787

Name of the Vulnerable Software and Affected Versions Wazuh versions prior to 4.10.2

Description Wazuh, a platform for threat prevention, detection, and response, contains a flaw where a buffer over-read can occur in the DecodeWinevt() function. This happens when accessing child attr[p]->attributes[j] due to an incorrect index (j). A specially crafted message sent to the Wazuh manager by a compromised agent can trigger a read operation beyond the allocated buffer, potentially exposing sensitive information. The issue requires specific configuration options (analysisd.debug=2) to be in place for data leakage to occur.

Recommendations Update to version 4.10.2 or later.