216.73.216.133

CVE-2025-64169

· Published 21/11/2025 19:16 · Modified 02/12/2025 16:28

Labels: CVE-2025-64169 2025-11-21CVE-2025-64169CWE-252CWE-476[email protected]

Essential information

Published
21/11/2025 19:16
Modified
02/12/2025 16:28
Author
Creator
CVSS
5.1 MEDIUM (v3) 5.1 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 3.7.0 to before 4.12.0, fim_alert() implementation does not check whether oldsum->md5 is NULL or not before dereferencing it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. This issue has been patched in version 4.12.0.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wazuh / wazuh cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*

References