CVE-2025-62789

CVSS v3.1

7.5

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Wazuh versions prior to 4.11.0

Description Wazuh is a platform for threat prevention, detection, and response. A flaw exists in the

fim alert()

implementation where it does not verify if the return value of

ctime r

is NULL before using it with

strdup()

. A malicious agent can exploit this to crash the

analysisd

component of the Wazuh manager by sending a crafted message. This can lead to denial of service, making the manager unavailable.

Recommendations Update to version 4.11.0 or later.

Fix

DoS

Unchecked Return Value

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

BDU:2025-14487

CVE-2025-62789

GHSA-8RVQ-MM2F-8Q22

Wazuh