216.73.217.86

CVE-2025-62792

· Published 29/10/2025 17:15 · Modified 29/10/2025 17:15

Labels: CVE-2025-62792 2025-10-29CVE-2025-62792CWE-126[email protected]

Essential information

Published
29/10/2025 17:15
Modified
29/10/2025 17:15
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match() when strlen() is called on str_test, because the corresponding buffer is not being properly NULL terminated during its allocation in OS_CleanMSG(). A compromised agent can cause a READ operation beyond the end of the allocated buffer (which may contain sensitive information) by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause a buffer over-read and potentially access sensitive data. This vulnerability is fixed in 4.12.0.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wazuh / wazuh cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*
wazuh / wazuh cpe:2.3:a:wazuh:wazuh:4.12.0:*:*:*:*:*:*:*

References