CVE-2025-62789
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-29

Last updated on: 2025-11-03

Assigner: GitHub, Inc.

Description
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_alert() implementation does not check whether the return value of ctime_r is NULL or not before calling strdup() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.11.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-29
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-10-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-62789
EUVD
EUVD-2025-36677
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wazuh wazuh to 4.11.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
CWE-252 The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Wazuh versions prior to 4.11.0 where the fim_alert() function does not properly check if the return value of ctime_r is NULL before calling strdup() on it. A compromised agent can send a specially crafted message to the Wazuh manager, causing the analysisd process to crash and become unavailable.

Impact Analysis

An attacker who can send a crafted message to the Wazuh manager can cause the analysisd process to crash, leading to denial of service by making the analysisd component unavailable. This disrupts threat detection and response capabilities.

Mitigation Strategies

Upgrade Wazuh to version 4.11.0 or later, as this version contains the fix for the vulnerability that causes analysisd to crash when processing specially crafted agent messages.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62789. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart