CVE-2025-15615

Summary

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack of renegotiation limits to consume CPU resources and render the authd service unavailable.

Affected Software

VendorProductVersion RangeStatus
Wazuhwazuh-manager<= 4.7.3affected
Wazuhwazuh-manager>= 4.8.0unaffected
Wazuhwazuh-manager<= 4.7.3affected
Wazuhwazuh-manager>= 4.8.0unaffected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References