CVE-2025-64169
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-21

Last updated on: 2025-12-02

Assigner: GitHub, Inc.

Description
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 3.7.0 to before 4.12.0, fim_alert() implementation does not check whether oldsum->md5 is NULL or not before dereferencing it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. This issue has been patched in version 4.12.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-21
Last Modified
2025-12-02
Generated
2026-06-16
AI Q&A
2025-11-21
EPSS Evaluated
2026-06-15
NVD
CVE-2025-64169
EUVD
EUVD-2025-198506
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wazuh wazuh From 3.7.0 (inc) to 4.12.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
CWE-252 The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Wazuh versions from 3.7.0 to before 4.12.0 occurs because the fim_alert() function does not check if oldsum->md5 is NULL before trying to use it. A compromised agent can exploit this by sending a specially crafted message to the Wazuh manager, causing the analysisd process to crash. This issue was fixed in version 4.12.0.

Impact Analysis

The vulnerability can cause the analysisd component of the Wazuh manager to crash when a compromised agent sends a specially crafted message. This can lead to denial of service, disrupting threat detection and response capabilities of the Wazuh platform.

Mitigation Strategies

Upgrade Wazuh to version 4.12.0 or later, as this version contains the patch that fixes the vulnerability causing analysisd crashes due to improper handling of fim_alert() messages.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64169. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart