CVE-2025-30201
BaseFortify
Publication date: 2025-11-21
Last updated on: 2025-12-02
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wazuh | wazuh | up to 4.13.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
| CWE-294 | A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). |
| NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Wazuh Agent prior to version 4.13.0 allows authenticated attackers to force NTLM authentication by using malicious UNC paths in various agent configuration settings. This can lead to NTLM relay attacks, which may result in privilege escalation and remote code execution.
How can this vulnerability impact me?
The vulnerability can impact you by allowing an authenticated attacker to escalate their privileges and potentially execute remote code on your system through NTLM relay attacks, compromising the security and integrity of your environment.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Wazuh Agent to version 4.13.0 or later, as this version contains the patch that fixes the vulnerability allowing NTLM relay attacks via malicious UNC paths.
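A defender-side audit for the condition described above, as an added example that is not part of the original page or Wazuh's own code: it walks an agent configuration and reports every setting value that is a UNC path, together with the remote host it names. The function name, the sample configuration and its hosts are constructed for illustration; the page does not say which settings are affected, so every element and attribute is checked.

```python
import re
import xml.etree.ElementTree as ET

# UNC form: \\host\share or //host/share, including the \\?\UNC\host\share long form.
# Local device paths (\\.\ and \\?\C:\) are not network paths and are skipped.
UNC_RE = re.compile(
    r'^\s*(?:\\\\|//)(?:\?[\\/]UNC[\\/])?(?![.?][\\/])([^\\/\s]+)[\\/]+[^\\/\s]',
    re.IGNORECASE)

def find_unc_settings(conf_text):
    """Return (setting_path, value, host) for each setting value that is a UNC path."""
    # ossec.conf may hold several top-level <ossec_config> blocks; wrap them
    # in a synthetic root so the text parses as one XML document.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    hits = []

    def walk(elem, path):
        here = path + "/" + elem.tag
        candidates = [(here, elem.text or "")]
        candidates += [(here + "/@" + k, v) for k, v in elem.attrib.items()]
        for where, raw in candidates:
            for value in raw.split(","):  # some settings hold comma-separated lists
                m = UNC_RE.match(value)
                if m:
                    hits.append((where, value.strip(), m.group(1)))
        for child in elem:
            walk(child, here)

    for block in root:
        walk(block, "")
    return hits

# Constructed sample configuration (assumed element names, documentation-range hosts).
SAMPLE_CONF = r"""
<ossec_config>
  <localfile>
    <location>C:\logs\app.log</location>
  </localfile>
  <localfile>
    <location>\\198.51.100.7\share\app.log</location>
  </localfile>
</ossec_config>
<ossec_config>
  <syscheck>
    <directories check_all="yes">C:\Windows\System32, \\fileserver.example\drop</directories>
    <directories>\\.\pipe\local, \\?\UNC\nas01\audit</directories>
  </syscheck>
</ossec_config>
"""
if __name__ == "__main__":
    print(*find_unc_settings(SAMPLE_CONF), sep="\n")
```

Any host reported here that is not an expected internal file server is worth reviewing alongside the upgrade to 4.13.0.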