CVE-2025-15615
Improper SSL/TLS Renegotiation in Wazuh Manager Causes DoS
Publication date: 2026-03-27
Last updated on: 2026-03-31
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wazuh | wazuh | earlier than 4.8.0 (4.8.0 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15615 is a denial of service (DoS) vulnerability in the Wazuh Manager's authd service affecting versions up to 4.7.3. The issue arises because the service does not properly restrict client-initiated SSL/TLS renegotiation requests.
Remote attackers can exploit this flaw by sending excessive renegotiation requests within a single SSL/TLS connection, causing the service to consume excessive CPU resources and become unavailable.
This vulnerability was demonstrated using OpenSSL's s_client connecting to port 1515/tcp, showing that although secure renegotiation is supported, it can be abused to cause a denial of service.
How can this vulnerability impact me?
The vulnerability can impact you by allowing remote attackers to cause a denial of service on the Wazuh Manager's authd service.
By sending excessive SSL/TLS renegotiation requests, attackers can exhaust CPU resources on the server, rendering the authd service unavailable.
This unavailability can disrupt authentication processes managed by the authd service, potentially affecting the overall security monitoring and management functions provided by Wazuh Manager.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by scanning the Wazuh Manager's authd service for improper SSL/TLS renegotiation handling. A Greenbone OpenVAS scan has been used to flag this SSL/TLS renegotiation denial of service issue.
A proof of concept was demonstrated using OpenSSL's s_client tool to connect to the vulnerable service on port 1515/tcp. This can be used to check if the service supports secure renegotiation but is vulnerable to abuse.
- Use the command: `openssl s_client -connect <target-ip>:1515 -tls1_2`
- Observe the SSL handshake output for renegotiation support and test for excessive renegotiation requests.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the Wazuh Manager packages to version 4.8.0 or later, where the vulnerability has been patched.
Until the upgrade can be applied, consider restricting access to the authd service on port 1515 to trusted hosts only, to reduce exposure to remote attackers.
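The upgrade advice above reduces to one question on each manager host: is the installed wazuh-manager package older than 4.8.0, the first fixed release listed in the affected-range table? The following shell script is an added example, not part of this advisory or of the Wazuh project; it assumes the package is named `wazuh-manager` in dpkg or rpm and that `sort -V` is available.

```shell
#!/bin/sh
# Added example: flag a wazuh-manager install that is still in the
# affected range (< 4.8.0) for CVE-2025-15615.

FIXED_VERSION="4.8.0"   # first fixed release per the advisory

# is_affected VERSION  -> exit 0 if VERSION < 4.8.0, exit 1 otherwise.
# A package revision suffix such as "4.7.3-1" is stripped before comparing.
is_affected() {
    ver="${1%%-*}"
    # The fixed version itself is not affected.
    [ "$ver" = "$FIXED_VERSION" ] && return 1
    # sort -V orders version strings component by component; the first line
    # of the sorted pair is the lower version.
    lower=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lower" = "$ver" ]
}

# installed_version -> prints the installed wazuh-manager package version,
# or nothing when the package (or a supported package manager) is absent.
# Package name "wazuh-manager" is an assumption of this example.
installed_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f '${Version}' wazuh-manager 2>/dev/null
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}' wazuh-manager 2>/dev/null
    fi
}

# report -> human-readable verdict for this host; exit 2 if affected.
report() {
    v=$(installed_version)
    if [ -z "$v" ]; then
        echo "wazuh-manager package not found on this host"
        return 1
    fi
    if is_affected "$v"; then
        echo "wazuh-manager $v is AFFECTED: upgrade to $FIXED_VERSION or later"
        return 2
    fi
    echo "wazuh-manager $v is not in the affected range"
    return 0
}

# Run the host check only when invoked as: sh check.sh check
case "${1:-}" in
    check) report ;;
esac
```

The exit code from `report` (2 when affected) lets the script drop into a fleet-wide inventory job without parsing its output.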
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.