PT-2025-47791 · Wazuh · Wazuh

Published 2025-11-05 · Updated 2026-02-06 · CVE-2025-64483

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Wazuh versions 4.9.0 through 4.12.9

Description

Wazuh is an open source project for security detection, visibility, and compliance. In specific setups, its API (Agent Configuration) permits authenticated users with read-only API roles to obtain agent enrollment credentials via the /utils/configuration endpoint. These credentials can be used to register new agents within the same Wazuh tenant without having the elevated permissions required through the user interface.

Recommendations

Update to version 4.13.0 or later.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2025-14828
CVE-2025-64483
GHSA-GWF3-8GM3-QRMJ

Affected Products

Wazuh