CVE-2025-15612

Name of the Vulnerable Software and Affected Versions Wazuh (affected versions not specified)

Description The software contains an insecure transport issue due to the use of the -k or --insecure flag with curl, which disables SSL/TLS certificate validation. This allows attackers with network access to conduct man-in-the-middle attacks, potentially intercepting and modifying downloaded dependencies or code during the build process. Successful exploitation could lead to remote code execution and compromise the supply chain. The vulnerable component is the curl command used within the provisioning scripts and Dockerfiles.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.