PT-2025-47793 · Wazuh · Wazuh Agent

Published: 2025-11-21 · Updated: 2025-12-02 · CVE-2025-30201

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Wazuh versions prior to 4.13.0

Description

Wazuh is a platform for threat prevention, detection, and response. A flaw in the Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC (Universal Naming Convention) paths in agent configuration settings. This can lead to NTLM relay attacks, where attackers capture and relay NTLM authentication hashes, potentially gaining unauthorized access and leading to privilege escalation and remote code execution. The vulnerability resides in the Security Configuration Assessment (SCA) module and involves improper external control of file names or paths. Exploitation involves the use of specially crafted UNC paths.

Recommendations

Upgrade to Wazuh Agent version 4.13.0 or later.
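
A defender-side check for the condition described above, as an added example that is not part of the advisory or Wazuh's own code: it scans agent configuration XML for values that are UNC paths so they can be reviewed on agents that have not yet been upgraded. The `<agent_config>`/`<sca>`/`<policy>` layout, host names and paths in the sample are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Matches \\host\share, //host/share and \\?\UNC\host\share; the lookahead
# skips the local device forms \\?\C:\... and \\.\pipe\...
UNC_RE = re.compile(
    r'^\s*(?:\\\\\?\\UNC\\|[\\/]{2})(?![.?][\\/])(?P<host>[^\\/\s]+)[\\/]',
    re.IGNORECASE)

def find_unc_values(config_text):
    """Return (element_path, value, host) for each element text or attribute
    value in the configuration that is a UNC path."""
    # Assumption: the file may hold several top-level blocks and has no XML
    # declaration, so it is wrapped in a synthetic root before parsing.
    root = ET.fromstring("<root>" + config_text + "</root>")
    findings = []

    def walk(elem, path):
        here = path + "/" + elem.tag
        for value in [elem.text or ""] + list(elem.attrib.values()):
            for item in value.split(","):  # some settings take lists
                m = UNC_RE.match(item)
                if m:
                    findings.append((here, item.strip(), m.group("host")))
        for child in elem:
            walk(child, here)

    for top in root:
        walk(top, "")
    return findings

# Constructed sample, not taken from the advisory or from a real deployment.
SAMPLE_CONFIG = r"""
<agent_config>
  <sca><policies>
    <policy>etc/shared/local_policy.yml</policy>
    <policy>\\198.51.100.7\share\policy.yml</policy>
  </policies></sca>
</agent_config>
<agent_config os="Windows">
  <sca><policies>
    <policy>//files.example.test/sca/policy.yml</policy>
    <policy>\\?\C:\policies\local.yml</policy>
  </policies></sca>
</agent_config>
"""

if __name__ == "__main__":
    for path, value, host in find_unc_values(SAMPLE_CONFIG):
        print(f"{path}: {value} (remote host {host})")
```

Each hit names a remote host the agent would contact when resolving that path, so it should be compared against the file servers the deployment is expected to use.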

Exploit · Fix · LPE · RCE

Weakness Enumeration

Related Identifiers

BDU:2025-14827
CVE-2025-30201
GHSA-X697-JF34-GP5X

Affected Products

Wazuh Agent