Vulnerability Description
Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the /utils/configuration endpoint. These credentials can be used to register new agents within the same Wazuh tenant without requiring elevated permissions through the UI. This issue has been patched in version 4.13.0.
Related Weaknesses (CWE)
References
- https://github.com/wazuh/wazuh-dashboard-plugins/commit/eac859f1ad0bf5eb8b0dbc7e
- https://github.com/wazuh/wazuh-dashboard-plugins/security/advisories/GHSA-gwf3-8
FAQ
What is CVE-2025-64483?
CVE-2025-64483 is a documented vulnerability. Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated u...
How severe is CVE-2025-64483?
CVSS scoring is not yet available for CVE-2025-64483. Check NVD for updates.
Is there a patch for CVE-2025-64483?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.