Wazuh Server Deserialization of Untrusted Data Vulnerability - 20250612002
Overview
An unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent.
What is vulnerable?
Product(s) Affected | Version(s) | CVE | CVSS | Severity |
---|---|---|---|---|
Wazuh Server | version 4.4.0 and later, prior to version 4.9.1 | CVE-2025-24016 | 9.9 | Critical |
What has been observed?
CISA has added the vulnerability to their Known Exploited Vulnerabilities catalog. The WA SOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer to Patch Management):