CVE-2025-64169
BaseFortify
Publication date: 2025-11-21
Last updated on: 2025-12-02
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wazuh | wazuh | From 3.7.0 (inc) to 4.12.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-252 | The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Wazuh versions from 3.7.0 to before 4.12.0 occurs because the fim_alert() function does not check if oldsum->md5 is NULL before trying to use it. A compromised agent can exploit this by sending a specially crafted message to the Wazuh manager, causing the analysisd process to crash. This issue was fixed in version 4.12.0.
How can this vulnerability impact me? :
The vulnerability can cause the analysisd component of the Wazuh manager to crash when a compromised agent sends a specially crafted message. This can lead to denial of service, disrupting threat detection and response capabilities of the Wazuh platform.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Wazuh to version 4.12.0 or later, as this version contains the patch that fixes the vulnerability causing analysisd crashes due to improper handling of fim_alert() messages.