CVE-2025-62788

Name of the Vulnerable Software and Affected Versions Wazuh versions prior to 4.11.0

Description Wazuh is a platform for threat prevention, detection, and response. A flaw exists in the

w copy event for log()

function where it references memory after it has been freed, initially allocated in

OS CleanMSG()

. A compromised agent could potentially compromise the application's integrity by sending a specially crafted message to the Wazuh manager. An attacker can leverage this issue to potentially corrupt valid data by using previously freed memory if the memory area has been allocated and used elsewhere.

Recommendations Update to version 4.11.0 or later.