PT-2025-44324 · Wazuh · Wazuh

Published 2025-01-23 · Updated 2025-10-29 · CVE-2025-62790

CVSS v3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Wazuh versions prior to 4.11.0

Description

Wazuh is a platform for threat prevention, detection, and response. A flaw exists in the fim_fetch_attributes_state() implementation where it does not verify if time_string is NULL before applying strlen() to it. A malicious agent can exploit this to crash the analysisd component of the Wazuh manager by sending a crafted message. This can lead to a denial of service, making the manager unavailable.

Recommendations

Update to version 4.11.0 or later.
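
The missing check described above, as an added C illustration that is not Wazuh source code: a field lookup that returns NULL when the field is absent, followed by strlen() without and with a NULL check. The message format and the names get_field, mtime_ok_unchecked and mtime_ok_checked are hypothetical.

```c
/* Added illustration; hypothetical names, not Wazuh source code. */
#include <stdio.h>
#include <string.h>

/* Copy the idx-th ':'-separated field of msg into out and return it, or
 * return NULL if the message has fewer fields or the field does not fit. */
static const char *get_field(const char *msg, int idx, char *out, size_t cap) {
    const char *p = msg;
    for (int i = 0; i < idx; i++) {
        p = strchr(p, ':');
        if (p == NULL) return NULL;      /* field absent */
        p++;
    }
    size_t n = strcspn(p, ":");
    if (n >= cap) return NULL;           /* field too long for the buffer */
    memcpy(out, p, n);
    out[n] = '\0';
    return out;
}

/* Unsafe pattern: the return value is used without a check. If the field
 * is missing, strlen() dereferences NULL and the process crashes. */
int mtime_ok_unchecked(const char *msg) {
    char buf[32];
    const char *time_string = get_field(msg, 2, buf, sizeof buf);
    return strlen(time_string) == 10;    /* undefined behaviour if NULL */
}

/* Hardened pattern: a missing field marks the message as malformed and
 * the caller can drop it while the service keeps running. */
int mtime_ok_checked(const char *msg) {
    char buf[32];
    const char *time_string = get_field(msg, 2, buf, sizeof buf);
    if (time_string == NULL) return -1;  /* reject the message */
    return strlen(time_string) == 10;
}

int main(void) {
    /* Constructed sample messages, not real agent traffic. */
    printf("%d\n", mtime_ok_checked("file:/etc/hosts:1700000000"));
    printf("%d\n", mtime_ok_checked("file:/etc/hosts"));
    return 0;
}
```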

Fix

DoS

NULL Pointer Dereference

Unchecked Return Value

Weakness Enumeration

Related Identifiers

BDU:2025-14488
CVE-2025-62790
GHSA-9XJ3-VC52-48P9

Affected Products

Wazuh