CVE-2025-62792

Name of the Vulnerable Software and Affected Versions Wazuh versions prior to 4.12.0

Description Wazuh, a free and open source platform for threat prevention, detection, and response, contains a flaw where a buffer over-read can occur in the w expression match() function. This happens when strlen() is called on str test because the corresponding buffer is not properly NULL terminated during allocation in OS CleanMSG(). A compromised agent can trigger a read operation beyond the allocated buffer's boundaries, potentially exposing sensitive information, by sending a specially crafted message to the Wazuh manager. An attacker who can craft and send an agent message to the Wazuh manager can exploit this issue.

Recommendations Update to Wazuh version 4.12.0 or later.