CVE-2025-15612

Summary

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/–insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies or code during the build process, leading to remote code execution and supply chain compromise.

Affected Software

VendorProductVersion RangeStatus
WazuhWazuh Provisioning Scripts (Agent Build Environment)>=4.1.3affected
WazuhWazuh Provisioning Scripts (Agent Build Environment)>=4.14.0unaffected

Weaknesses

  • CWE-295: CWE-295 Improper Certificate Validation
  • CWE-829: CWE-829: Inclusion of Functionality from Untrusted Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References