Vulnerability Description
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match() when strlen() is called on str_test, because the corresponding buffer is not being properly NULL terminated during its allocation in OS_CleanMSG(). A compromised agent can cause a READ operation beyond the end of the allocated buffer (which may contain sensitive information) by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause a buffer over-read and potentially access sensitive data. This vulnerability is fixed in 4.12.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wazuh | Wazuh | < 4.12.0 |
Related Weaknesses (CWE)
References
- https://github.com/wazuh/wazuh/security/advisories/GHSA-2672-vfhm-xhr6ExploitVendor Advisory
FAQ
What is CVE-2025-62792?
CVE-2025-62792 is a vulnerability with a CVSS score of 7.5 (HIGH). Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match() when strlen() is called on str_test, be...
How severe is CVE-2025-62792?
CVE-2025-62792 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-62792?
Check the references section above for vendor advisories and patch information. Affected products include: Wazuh Wazuh.