github.com/wazuh/wazuh vulnerabilities
3 known vulnerabilities affecting github.com/wazuh/wazuh.
Total CVEs: 3
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, UNKNOWN 2
Vulnerabilities
CVE-2025-24016 | P1 | CRITICAL | KEV | PoC | ≥ 4.4.0, < 4.9.1 | 2025-04-22
CVE-2025-24016 [CRITICAL] CWE-502 Wazuh server vulnerable to remote code execution
### Summary
An unsafe deserialization vulnerability allows for remote code execution on Wazuh servers.
The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent.
### Details
DistributedAPI parameters are serialized as JSON and deserialized using
ghsa, osv
CVE-2024-47770 | P3 | UNKNOWN | ≥ 0, < 4.9.1+incompatible | 2025-02-04
CVE-2024-47770 Ability to view Agent list with no privilege access in wazuh-dashboard in github.com/wazuh/wazuh
osv
CVE-2024-35177 | P3 | UNKNOWN | ≥ 3.0.0+incompatible, < 4.9.0+incompatible | 2025-02-04
CVE-2024-35177 Improper Access Control in wazuh-agent in github.com/wazuh/wazuh
osv