
Wazuh, a leading provider of open-source security solutions, has issued a critical security advisory regarding a remote code execution vulnerability affecting its platform. The vulnerability, identified as CVE-2025-24016 and assigned a CVSS score of 9.9, could allow attackers to gain complete control of vulnerable Wazuh servers.
Wazuh is a widely used platform for threat prevention, detection, and response. It provides a comprehensive suite of security capabilities, including log analysis, intrusion detection, file integrity monitoring, and vulnerability assessment.
According to the advisory, the vulnerability stems from an unsafe deserialization issue in the Wazuh server’s API. An attacker could exploit this flaw by sending a specially crafted request to the server, potentially leading to arbitrary code execution.
“The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent,” the advisory states.
The advisory provides a proof-of-concept (PoC) exploit demonstrating how an attacker can abuse Wazuh’s API to shut down the master server:
Executing this command forces an immediate shutdown of the master server, demonstrating how trivial it is to exploit this flaw under default credentials.
The Wazuh project has credited security researcher DanielFi for reporting this vulnerability.
Wazuh has addressed the CVE-2025-24016 vulnerability in version 4.9.1. Administrators are strongly urged to update immediately to mitigate the risk.
The advisory emphasizes the importance of fixing the root cause rather than relying on sanitization, as there may be “multiple other ways to execute arbitrary code in as_wazuh_object.” Organizations should also review API access permissions and harden agent configurations to prevent exploitation.
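
The root-cause approach the advisory calls for, shown as an added example (not code from Wazuh or from the advisory): a JSON decoder that rebuilds typed values only from a fixed allowlist, instead of filtering dangerous strings out of the input. The `__error__` envelope, the allowlist contents and every name below are assumptions made for illustration.

```python
import json

# Constructed wire format (assumption): typed values travel as
# {"__error__": {"type": <name>, "args": [...]}}.
ALLOWED_ERRORS = {"ValueError": ValueError, "KeyError": KeyError,
                  "TimeoutError": TimeoutError}
SCALARS = (str, int, float, bool, type(None))


class RejectedPayload(Exception):
    """The message asked for a type or argument the receiver never agreed to build."""


def safe_object_hook(dct):
    """json object_hook that rebuilds only allowlisted exception types."""
    if "__error__" not in dct:
        return dct
    spec = dct["__error__"]
    if not isinstance(spec, dict) or set(spec) != {"type", "args"}:
        raise RejectedPayload("malformed __error__ envelope")
    name, args = spec["type"], spec["args"]
    # Root-cause fix: the name is only a key into a fixed table. It is never
    # handed to getattr, importlib, eval or any other dynamic lookup.
    cls = ALLOWED_ERRORS.get(name) if isinstance(name, str) else None
    if cls is None:
        raise RejectedPayload(f"type not allowlisted: {name!r}")
    if not isinstance(args, list) or not all(isinstance(a, SCALARS) for a in args):
        raise RejectedPayload("args must be a list of JSON scalars")
    return cls(*args)


def decode(raw):
    """Decode one message and return (accepted, value_or_reason)."""
    try:
        return True, json.loads(raw, object_hook=safe_object_hook)
    except (RejectedPayload, json.JSONDecodeError) as exc:
        return False, str(exc)


# Constructed sample messages, not captured traffic.
SAMPLES = [
    '{"status": "ok", "nodes": 3}',
    '{"__error__": {"type": "ValueError", "args": ["bad input"]}}',
    '{"__error__": {"type": "SomeOtherType", "args": []}}',
    '{"__error__": {"type": "KeyError", "args": [{"nested": 1}]}}',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(decode(raw))
```

Because the decoder fails closed on anything outside the table, supporting a new type is a reviewed code change and not something a peer can request at runtime.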