CVE-2025-62785: 
Wazuh Agent vulnerability analysis and mitigation

Wazuh, a free and open source platform used for threat prevention, detection, and response, was found to contain a NULL pointer dereference vulnerability (CVE-2025-62785) in its fillData() implementation. The vulnerability was discovered and disclosed on October 29, 2025, affecting all versions up to 4.10.1. The issue stems from the function not checking whether a value parameter is NULL before calling os_strdup() on it (GitHub Advisory).

The vulnerability exists in the fillData() implementation where the function fails to verify if the value parameter is NULL before calling os_strdup() on it. The issue occurs specifically when processing agent messages in the analysisd component. The vulnerability has been assigned a CVSS v4.0 base score of 6.9 (Medium) with vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N, and a CVSS v3.1 base score of 7.5 (High). The vulnerability is classified under CWE-476 (NULL Pointer Dereference) and CWE-252 (Unchecked Return Value) (GitHub Advisory).

When successfully exploited, this vulnerability allows an attacker who can send agent messages to the Wazuh manager to cause the analysisd component to crash, resulting in service unavailability. The impact is primarily focused on availability, with no direct effect on confidentiality or integrity of the system (GitHub Advisory).

The vulnerability has been fixed in Wazuh version 4.10.2. Users are advised to upgrade to this version or later to mitigate the issue (GitHub Advisory, GitHub Patch).