Vulnerability DatabaseCVE-2025-62791

CVE-2025-62791:
Wazuh Agent vulnerability analysis and mitigation

Overview

Wazuh, a free and open source platform used for threat prevention, detection, and response, was found to contain a vulnerability in versions prior to 4.11.0. The vulnerability (CVE-2025-62791) was discovered in the DecodeCiscat() implementation, which fails to check the return value of cJSON_GetObjectItem() for possible NULL values. This security flaw was disclosed on October 29, 2025 (GitHub Advisory).

Technical details

The vulnerability exists in the DecodeCiscat() function at line 76 of the wazuh/src/analysisd/decoders/ciscat.c file. When processing certain input messages, cJSON_GetObjectItem(logJSON, "type") returns NULL, and attempting to access the valuestring property of NULL results in a NULL pointer dereference error. The vulnerability has received a CVSS v4.0 base score of 6.9 (Medium) with vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N, and a CVSS v3.1 base score of 7.5 (High) (GitHub Advisory).

Impact

When successfully exploited, this vulnerability can cause the Wazuh analysisd process to crash, resulting in a denial of service condition for the Wazuh manager. The impact is primarily focused on system availability, with no direct effect on confidentiality or integrity of the system (GitHub Advisory).

Mitigation and workarounds

The vulnerability has been fixed in Wazuh version 4.11.0. Users are advised to upgrade to this version or later to mitigate the security risk (GitHub Advisory).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

6.9

Score

Published October 29, 2025

Severity MEDIUM

CNA Score 6.9

Affected Technologies

Wazuh Agent

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 21.9

Exploitation Probability (EPSS) 0.1

Affected packages and libraries

cpe:2.3:a:wazuh:wazuh

Sources

VulnCheck NVD++
- Linux Severity HIGHHas FixAdded at: Nov 02, 2025
- Windows Severity HIGHHas FixAdded at: Nov 02, 2025
NVD
- Linux Severity HIGHHas FixAdded at: Nov 05, 2025
- Windows Severity HIGHHas FixAdded at: Nov 05, 2025

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Wazuh Agent vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-30201	CRITICAL	9.1	Wazuh Agent	cpe:2.3:a:wazuh:wazuh	No	Yes	Nov 21, 2025
CVE-2025-62792	MEDIUM	6.9	Wazuh Agent	cpe:2.3:a:wazuh:wazuh	No	Yes	Oct 29, 2025
CVE-2025-62791	MEDIUM	6.9	Wazuh Agent	cpe:2.3:a:wazuh:wazuh	No	Yes	Oct 29, 2025
CVE-2025-64169	MEDIUM	5.1	Wazuh Agent	cpe:2.3:a:wazuh:wazuh	No	Yes	Nov 21, 2025
CVE-2025-54866	LOW	1.8	Wazuh Agent	cpe:2.3:a:wazuh:wazuh	No	Yes	Nov 21, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2025-62791: Wazuh Agent vulnerability analysis and mitigation