CVE-2025-15615
Received Received - Intake
Improper SSL/TLS Renegotiation in Wazuh Manager Causes DoS

Publication date: 2026-03-27

Last updated on: 2026-03-31

Assigner: VulnCheck

Description
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack of renegotiation limits to consume CPU resources and render the authd service unavailable.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-27
Last Modified
2026-03-31
Generated
2026-06-16
AI Q&A
2026-03-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15615
EUVD
EUVD-2025-209102
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wazuh wazuh to 4.8.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-15615 is a denial of service (DoS) vulnerability in the Wazuh Manager's authd service affecting versions up to 4.7.3. The issue arises because the service does not properly restrict client-initiated SSL/TLS renegotiation requests.

Remote attackers can exploit this flaw by sending excessive renegotiation requests within a single SSL/TLS connection, causing the service to consume excessive CPU resources and become unavailable.

This vulnerability was demonstrated using OpenSSL's s_client connecting to port 1515/tcp, showing that although secure renegotiation is supported, it can be abused to cause a denial of service.

Impact Analysis

The vulnerability can impact you by allowing remote attackers to cause a denial of service on the Wazuh Manager's authd service.

By sending excessive SSL/TLS renegotiation requests, attackers can exhaust CPU resources on the server, rendering the authd service unavailable.

This unavailability can disrupt authentication processes managed by the authd service, potentially affecting the overall security monitoring and management functions provided by Wazuh Manager.

Detection Guidance

This vulnerability can be detected by scanning the Wazuh Manager's authd service for improper SSL/TLS renegotiation handling. A Greenbone OpenVAS scan has been used to flag this SSL/TLS renegotiation denial of service issue.

A proof of concept was demonstrated using OpenSSL's s_client tool to connect to the vulnerable service on port 1515/tcp. This can be used to check if the service supports secure renegotiation but is vulnerable to abuse.

  • Use the command: openssl s_client -connect <target-ip>:1515 -tls1_2
  • Observe the SSL handshake output for renegotiation support and test for excessive renegotiation requests.
Mitigation Strategies

The immediate mitigation step is to upgrade the Wazuh Manager packages to version 4.8.0 or later, where the vulnerability has been patched.

Until the upgrade can be applied, consider restricting access to the authd service on port 1515 to trusted hosts only, to reduce exposure to remote attackers.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15615. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart