PT-2025-44324 · Wazuh · Wazuh

Published: 2025-01-23 · Updated: 2025-10-29 · CVE-2025-62790

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Wazuh versions prior to 4.11.0

Description

Wazuh is a platform for threat prevention, detection, and response. A flaw exists in the fim_fetch_attributes_state() implementation where it does not verify if time_string is NULL before applying strlen() to it. A malicious agent can exploit this to crash the analysisd component of the Wazuh manager by sending a crafted message. This can lead to a denial of service, making the manager unavailable.

Recommendations

Update to version 4.11.0 or later.
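
The bug class described above (a possibly-NULL string passed straight to strlen()), shown beside a checked form, as an added example that is not Wazuh's code. The names attr_t, attr_get_string, time_len_unchecked, time_len_checked, MAX_TIME_LEN and the sample messages are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a parsed agent message: key/value attributes. */
typedef struct { const char *key; const char *str; } attr_t;

#define MAX_TIME_LEN 32  /* assumed upper bound for a timestamp field */

/* Returns the string value for key, or NULL if the key is absent or the
 * value is not a string. Callers must treat NULL as a normal outcome. */
const char *attr_get_string(const attr_t *a, size_t n, const char *key) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(a[i].key, key) == 0)
            return a[i].str;
    return NULL;
}

/* Unsafe pattern (shown, never called): the lookup result goes straight
 * into strlen(). strlen(NULL) is undefined behaviour and normally a crash. */
size_t time_len_unchecked(const attr_t *a, size_t n) {
    const char *time_string = attr_get_string(a, n, "time");
    return strlen(time_string);
}

/* Hardened pattern: reject NULL and out-of-range lengths and return an
 * error, so the caller can drop the message instead of the process dying. */
int time_len_checked(const attr_t *a, size_t n, size_t *out_len) {
    const char *time_string = attr_get_string(a, n, "time");
    if (time_string == NULL)
        return -1;
    size_t len = strlen(time_string);
    if (len == 0 || len > MAX_TIME_LEN)
        return -1;
    *out_len = len;
    return 0;
}

/* Constructed sample inputs. */
const attr_t msg_ok[]       = { {"path", "/etc/hosts"}, {"time", "2025-01-23 10:00:00"} };
const attr_t msg_no_time[]  = { {"path", "/etc/hosts"} };
const attr_t msg_bad_time[] = { {"time", NULL} };

int main(void) {
    size_t len = 0;
    printf("ok=%d no_time=%d bad_time=%d\n",
           time_len_checked(msg_ok, 2, &len),
           time_len_checked(msg_no_time, 1, &len),
           time_len_checked(msg_bad_time, 1, &len));
    return 0;
}
```
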

Exploit

Fix

DoS

Unchecked Return Value

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2025-14488
CVE-2025-62790
GHSA-9XJ3-VC52-48P9

Affected Products

Wazuh