CVE-2025-24016

216.73.217.22

· Published 10/06/2025 02:00 · Modified 21/12/2025 18:57 · Author: Cybersecurity and Infrastructure Security Agency

Labels: CVE-2025-24016 2025-02-10 CVE-2025-24016 CWE-502 [email protected]

Essential information

Published: 10/06/2025 02:00
Modified: 21/12/2025 18:57
Author: Cybersecurity and Infrastructure Security Agency
Creator: Cybersecurity and Infrastructure Security Agency
CVSS: 9.9 CRITICAL (v3.1)
CISA KEV: Yes
CWE: —
CVSS vector: CVSS:3.1/AV:N/C:L/I:H/A:H

CVSS metrics

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary in DAPI request/response, they can forge an unhandled exception (`__unhandled_exc__`) to evaluate arbitrary python code. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. Version 4.9.1 contains a fix.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

CVE-2025-24016

Essential information

CVSS metrics

Description

NVD status

References

Related entities

Attack reports (2)