QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-62789

Back to search

CVE-2025-62789

Published: Oct 29, 2025

Modified: Oct 29, 2025

PUBLISHED

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_alert() implementation does not check whether the return value of ctime_r is NULL or not before calling strdup() on it. A compromised agent can cause a crash of analysisd by sending a specially crafted message to the wazuh manager. An attacker who is able to craft and send an agent message to the wazuh manager can cause analysisd to crash and make it unavailable. This vulnerability is fixed in 4.11.0.

VendorProductVersions

wazuh

wazuh

affected
< 4.11.0

Weaknesses (CWE)

CWE-252
CWE-476

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now