CVE-2025-62787
BaseFortify
Publication date: 2025-10-29
Last updated on: 2025-11-03
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wazuh | wazuh | to 4.10.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer over-read in Wazuh versions prior to 4.10.2. It occurs in the DecodeWinevt() function when an incorrect index is used to access child attributes, causing a read operation beyond the allocated buffer. A compromised agent can send a specially crafted message to the Wazuh manager to trigger this, potentially allowing access to sensitive information contained in memory. The vulnerability is specifically triggered when certain debug configuration options are enabled.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker who controls a Wazuh agent to cause the Wazuh manager to read beyond its allocated memory buffer, potentially exposing sensitive information. This could lead to unauthorized disclosure of data and compromise the security of the system monitoring environment.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in Wazuh version 4.10.2. Immediate mitigation steps include upgrading the Wazuh manager to version 4.10.2 or later. Additionally, reviewing and disabling the specific configuration option 'analysisd.debug=2' can help prevent sensitive data leakage until the upgrade is applied.