MEDIUM · 5.8

CVE-2025-15615

Vulnerability Description

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack of renegotiation limits to consume CPU resources and render the authd service unavailable.

CVSS Score

5.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality: NONE
Integrity: NONE
Availability: LOW

Affected Products

Vendor    Product    Versions
Wazuh     Wazuh      < 4.8.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2025-15615?

CVE-2025-15615 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cau...

How severe is CVE-2025-15615?

CVE-2025-15615 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-15615?

Check the references section above for vendor advisories and patch information. Affected products include: Wazuh Wazuh.