CVE-2025-62790

Summary

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_fetch_attributes_state() implementation does not check whether time_string is NULL or not before calling strlen() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.11.0.

Affected Software

VendorProductVersion RangeStatus
wazuhwazuh< 4.11.0affected

Weaknesses

  • CWE-476: CWE-476: NULL Pointer Dereference
  • CWE-252: CWE-252: Unchecked Return Value

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References