PT-2025-44324 · Wazuh · Wazuh
Published: 2025-01-23 · Updated: 2025-10-29
CVE-2025-62790
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Wazuh versions prior to 4.11.0
Description
Wazuh is a platform for threat prevention, detection, and response. The fim_fetch_attributes_state() implementation does not verify whether time_string is NULL before calling strlen() on it. A malicious agent can exploit this to crash the analysisd component of the Wazuh manager by sending a crafted message. This can lead to a denial of service, making the manager unavailable.
Recommendations
Update to version 4.11.0 or later.
Exploit
Fix
DoS
Unchecked Return Value
NULL Pointer Dereference
Related Identifiers
Affected Products
Wazuh