CVE-2025-62786
Published: 29 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-62786 is a heap-based out-of-bounds write vulnerability in the decode_win_permissions function of Wazuh, a free and open-source platform used for threat prevention, detection, and response. The flaw occurs when a NULL byte is written two bytes before the start of the buffer allocated to decoded_it, affecting the Wazuh manager component. It is classified under CWE-124 and has a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
A compromised Wazuh agent, or an attacker able to send a specially crafted agent message to the Wazuh manager, could exploit this issue to achieve remote code execution on the manager. Exploitability depends on the specifics of the heap allocator in use.
The vulnerability is fixed in Wazuh version 4.10.2. Additional details are available in the Wazuh security advisory at https://github.com/wazuh/wazuh/security/advisories/GHSA-2c8r-p6r5-xxmr and the fixing commit at https://github.com/wazuh/wazuh/commit/2257d7998aaff34263169d16f4afc491564a771c.
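The bug class described above (CWE-124, a write that lands before the start of a heap buffer) as an added illustrative example in C. This is not Wazuh's decode_win_permissions code and is not taken from the advisory or the fixing commit: the function names, the field format and the two-byte trailing separator are hypothetical. It shows how an unconditional "write the terminator two bytes back from the end" computation produces a position before the buffer for fields shorter than two bytes, and the bounds check that a hardened decoder adds so the write can never precede out[0].

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical analogue of CWE-124 (buffer underwrite). This is NOT the Wazuh
 * decode_win_permissions code; the field format and separator are invented.
 *
 * Scenario: a decoder copies one field of an agent message into a freshly
 * allocated output buffer and then removes a two-byte trailing separator by
 * writing '\0' two bytes back from the end of what it copied. For a field
 * shorter than two bytes that position lies before out[0]. */

/* Naive terminator position, as a signed offset from the buffer start.
 * A negative result is the underwrite: for an empty field it is -2, i.e.
 * the NUL byte would land two bytes before the allocation, the same pattern
 * the advisory text describes. The offset is only computed here, never
 * used for a write. */
long naive_terminator_offset(size_t written)
{
    return (long)written - 2;
}

/* Hardened decoder: copies in[0..in_len) into out (capacity cap), then
 * strips the two-byte separator only when at least two bytes were written.
 * Returns the length of the decoded field, or -1 on error. */
int decode_field_safe(const char *in, size_t in_len, char *out, size_t cap)
{
    if (in == NULL || out == NULL || cap == 0)
        return -1;
    if (in_len >= cap)            /* leave room for the terminating NUL */
        return -1;

    memcpy(out, in, in_len);
    out[in_len] = '\0';

    /* The check that prevents the underwrite: never compute a write
     * position below out[0]. */
    if (in_len < 2)
        return (int)in_len;       /* nothing to strip, buffer stays intact */

    out[in_len - 2] = '\0';       /* in_len - 2 >= 0, inside the buffer */
    return (int)(in_len - 2);
}

int main(void)
{
    /* Constructed sample fields: a normal one and an empty one. */
    const char *normal = "rwx|;";
    const char *empty = "";
    char out[32];

    printf("naive offset for %zu written bytes: %ld\n",
           strlen(normal), naive_terminator_offset(strlen(normal)));
    printf("naive offset for %zu written bytes: %ld (before buffer start)\n",
           strlen(empty), naive_terminator_offset(strlen(empty)));

    int n = decode_field_safe(normal, strlen(normal), out, sizeof out);
    printf("safe decode of \"%s\" -> \"%s\" (len %d)\n", normal, out, n);

    n = decode_field_safe(empty, strlen(empty), out, sizeof out);
    printf("safe decode of \"\" -> \"%s\" (len %d)\n", out, n);
    return 0;
}
```

The hardened version keeps the length check ahead of any pointer arithmetic rather than clamping afterwards, which is the property a reviewer would look for in any decoder that writes a terminator relative to the end of copied data: every write index must be derived from a value already proven to be at least as large as the backward offset.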
Details
- CWE(s): CWE-124 (Buffer Underwrite)
- Affected Products: Wazuh manager (fixed in Wazuh 4.10.2)
- MITRE ATT&CK Enterprise Techniques: exploitation of a public-facing application
Why these techniques?
The vulnerability allows remote code execution via a specially crafted agent message to the network-accessible Wazuh manager, directly mapping to exploitation of a public-facing or remotely exploitable application/service.