CVE-2025-62786
BaseFortify
Publication date: 2025-10-29
Last updated on: 2025-11-03
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wazuh | wazuh | up to 4.10.2 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-124 | The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap-based out-of-bounds write in the Wazuh platform's decode_win_permissions function. It causes a NULL byte to be written two bytes before the start of a buffer, which can be exploited by a compromised agent sending a specially crafted message to the Wazuh manager. This can potentially lead to remote code execution on the Wazuh manager.
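The bug class described above (CWE-124, a NULL byte written two bytes before the start of a buffer) is shown here as an added example. It is not Wazuh's `decode_win_permissions` code: the helper names are hypothetical, and the "trim the trailing separator" pattern is an assumed way such a write can arise, placed beside a hardened form.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Wazuh code): builds "a, b, " and then drops the
 * trailing ", " by writing a NUL two bytes back. Caller must size `out`. */
static void join_trim_unsafe(char *out, const char *const *names, size_t n) {
    char *p = out;
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(names[i]);
        memcpy(p, names[i], len); p += len;
        memcpy(p, ", ", 2);       p += 2;
    }
    *(p - 2) = '\0';  /* n == 0: p == out, so the NUL lands at out[-2] */
}

/* Hardened form: tracks the bytes used, checks capacity, and trims only
 * when a separator was actually written. Returns 0 on success, -1 if full. */
static int join_trim_safe(char *out, size_t cap, const char *const *names, size_t n) {
    size_t used = 0;
    if (cap == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(names[i]);
        if (len + 2 >= cap - used) return -1;  /* name + ", " + NUL must fit */
        memcpy(out + used, names[i], len); used += len;
        memcpy(out + used, ", ", 2);       used += 2;
    }
    if (used >= 2) used -= 2;  /* nothing to trim when the list was empty */
    out[used] = '\0';
    return 0;
}

/* Constructed demo: `buf` starts 2 bytes into `arena`, so arena[0] stands in
 * for whatever the allocator keeps in front of a real heap buffer. Returns
 * that byte after joining an empty list. */
static char guard_after_empty_join(int use_safe) {
    char arena[16];
    memset(arena, 'G', sizeof arena);
    char *buf = arena + 2;
    if (use_safe) join_trim_safe(buf, sizeof arena - 2, NULL, 0);
    else          join_trim_unsafe(buf, NULL, 0);
    return arena[0];
}

int main(void) {
    printf("unsafe guard byte: 0x%02x\n", (unsigned char)guard_after_empty_join(0));
    printf("safe guard byte:   0x%02x\n", (unsigned char)guard_after_empty_join(1));
    return 0;
}
```

On a real heap allocation the two bytes in front of the buffer belong to allocator metadata or a neighbouring object, which is why a single misplaced NUL matters.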
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker who can send messages to the Wazuh manager to execute arbitrary code remotely on the manager system. This could lead to full compromise of the Wazuh manager, affecting the security and integrity of the threat prevention, detection, and response platform.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Wazuh manager to version 4.10.2 or later, where the issue is fixed. Additionally, restrict or monitor agent messages to the Wazuh manager to prevent potentially malicious crafted messages from compromised agents.