CVE-2025-59938: 
Wazuh Agent vulnerability analysis and mitigation

Wazuh, a free and open source platform used for threat prevention, detection, and response, was found to contain a heap buffer overflow vulnerability (CVE-2025-59938) in versions 3.8.0 to 4.11.0. The vulnerability specifically affects the wazuh-analysisd component when parsing XML elements from Windows EventChannel messages (GitHub Advisory).

The vulnerability is classified as a heap-based buffer overflow (CWE-122) that occurs during the parsing of XML elements from Windows EventChannel messages in the wazuh-analysisd component. The issue has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility with low attack complexity and requiring low privileges (GitHub Advisory).

The vulnerability primarily affects system availability, with no direct impact on confidentiality or integrity. When exploited, it can lead to denial-of-service conditions and out-of-bounds read operations, potentially causing the wazuh-analysisd service to crash (GitHub Advisory).

The vulnerability has been patched in Wazuh version 4.11.0. Users running affected versions (3.8.0 to 4.11.0) should upgrade to version 4.11.0 or later to mitigate this security issue (GitHub Advisory).