CVE-2025-24016

Published Feb 10, 2025

Last updated 2 months ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-24016 is a critical remote code execution (RCE) vulnerability found in the Wazuh security platform, versions 4.4.0 through 4.9.0. It allows attackers to execute arbitrary code on affected Wazuh servers. The vulnerability arises from unsafe deserialization of DistributedAPI (DAPI) parameters. These parameters are serialized as JSON and then deserialized using the `as_wazuh_object` function. Attackers can exploit this by injecting a malicious, unsanitized dictionary into a DAPI request or response, leading to the execution of arbitrary Python code. This vulnerability can be exploited by anyone with API access, potentially including compromised dashboards, other Wazuh servers within a cluster, or even compromised agents, depending on the configuration. Wazuh has addressed this vulnerability in version 4.9.1. Users are strongly encouraged to update to this version to mitigate the risk of exploitation.

Description
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary into a DAPI request/response, they can forge an unhandled exception (`__unhandled_exc__`) to evaluate arbitrary Python code. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. Version 4.9.1 contains a fix.
Source: security-advisories@github.com
NVD status: Received
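
An added example, not Wazuh's code or its actual fix: a JSON `object_hook` that rebuilds a serialized exception through an allowlist lookup instead of evaluating text from the payload, plus a helper that reports where the `__unhandled_exc__` key occurs in parsed input. The inner field names `__class__` and `__args__`, the allowlist contents and the sample bodies are assumptions made for this illustration.

```python
import json

MARKER = "__unhandled_exc__"  # key named in the advisory
# Assumption: the only exception types a peer may ask us to rebuild.
ALLOWED = {c.__name__: c for c in (ValueError, TypeError, KeyError, RuntimeError)}
SCALARS = (str, int, float, bool, type(None))

class RejectedPayload(ValueError):
    """Raised when a serialized exception fails validation."""

def safe_object_hook(dct):
    """json object_hook: rebuild an exception by allowlist lookup, never by evaluating text."""
    if MARKER not in dct:
        return dct
    data = dct[MARKER]
    if not isinstance(data, dict):
        raise RejectedPayload("marker value is not an object")
    name, args = data.get("__class__"), data.get("__args__", [])  # assumed field names
    if not isinstance(name, str) or name not in ALLOWED:
        raise RejectedPayload(f"exception type not allowed: {name!r}")
    if not isinstance(args, list) or not all(isinstance(a, SCALARS) for a in args):
        raise RejectedPayload("arguments must be a list of JSON scalars")
    return ALLOWED[name](*args)

def find_marker(value, path="$"):
    """Detection helper: JSON paths at which the marker key occurs in parsed input."""
    hits = []
    if isinstance(value, dict):
        for key, child in value.items():
            if key == MARKER:
                hits.append(f"{path}.{key}")
            hits.extend(find_marker(child, f"{path}.{key}"))
    elif isinstance(value, list):
        for i, child in enumerate(value):
            hits.extend(find_marker(child, f"{path}[{i}]"))
    return hits

# Constructed sample bodies, not captured traffic.
ALLOWED_BODY = '{"result": {"__unhandled_exc__": {"__class__": "ValueError", "__args__": ["bad id"]}}}'
REJECTED_BODY = '{"auth": [{"__unhandled_exc__": {"__class__": "not_allowlisted", "__args__": []}}]}'

def try_decode(body):
    """Decode with the safe hook; return (decoded, None) or (None, rejection reason)."""
    try:
        return json.loads(body, object_hook=safe_object_hook), None
    except RejectedPayload as err:
        return None, str(err)
```

`find_marker` is meant to run on input parsed without the hook, for example when logging API request bodies, so that the key's presence in client-supplied data can be alerted on before any object reconstruction happens.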

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.9
Impact score: 6
Exploitability score: 3.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
Severity: CRITICAL

Weaknesses

security-advisories@github.com: CWE-502

Social media

Hype score: Not currently trending

  1. CVE-2025-24016: Unsafe Deserialization Vulnerability in Wazuh Leading to Remote Code Execution https://t.co/defmjDZfGk

    @Dinosn

    17 Mar 2025

    4464 Impressions

    24 Retweets

    72 Likes

    21 Bookmarks

    1 Reply

    0 Quotes

  2. CVE-2025-24016: Unsafe Deserialization Vulnerability in Wazuh Leading to Remote Code Execution https://t.co/Fux4diBy3k https://t.co/BMI6m2nLcO

    @secharvesterx

    17 Mar 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-24016: Unsafe Deserialization Vulnerability in Wazuh Leading to Remote Code Execution https://t.co/hEfc3L7CKS

    @_r_netsec

    17 Mar 2025

    752 Impressions

    1 Retweet

    3 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  4. ⚠️Exploitation of CVE-2025-24016 related to Wazuh ❗️CVE-2025-24016 ➡️More info: https://t.co/4EXkPd9CNB https://t.co/DBZiwfawuM

    @CERTpy

    11 Mar 2025

    132 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. csirt_it: ‼️ Active in-the-wild exploitation detected of the vulnerability CVE-2025-24016 in #Wazuh Server Risk: 🔴 Type: 🔸Denial of Service 🔸Remote Code Execution 🔗 https://t.co/Iob9Iz8zsi ⚠ Important to update the software… https://t.co/5VNhVQr8GK

    @Vulcanux_

    10 Mar 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. ‼️ Active in-the-wild exploitation detected of the vulnerability CVE-2025-24016 in #Wazuh Server Risk: 🔴 Type: 🔸Denial of Service 🔸Remote Code Execution 🔗 https://t.co/dfnXF91n8v ⚠ Important to update the affected software https://t.co/Mnll3jw8se

    @csirt_it

    10 Mar 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 CVE-2025-24016 - Remote Code Execution in Wazuh via Insecure Deserialization 🚨 A critical vulnerability has been identified in Wazuh (v4.4.0 to v4.9.0) due to insecure deserialization in the DistributedAPI (DAPI). https://t.co/diblq3nTRW

    @BanCERT_gt

    28 Feb 2025

    31 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2025-24016: Wazuh Unsafe Deserialization Remote Code Execution (RCE) https://t.co/ocrHtiQVEb

    @momika233

    23 Feb 2025

    4059 Impressions

    36 Retweets

    117 Likes

    54 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 🔥 CVE-2025-24016: Exploit in Wazuh Allows RCE via Insecure Deserialization https://t.co/ZmxpjQ3qZI

    @tpx_Security

    22 Feb 2025

    126 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. [1day1line] CVE-2025-24016: RCE Vulnerability due to Insecure Deserialization in Wazuh Manager https://t.co/6rgGe3pxgy Hello, this is empty. Today's 1day1line is CVE-2025-24016, an RCE vulnerability caused by insecure deserialization in Wazuh, an open source SIEM. The… https://

    @hackyboiz

    22 Feb 2025

    703 Impressions

    10 Retweets

    11 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  11. Alhamdulillah, I’ve released a PoC for CVE-2025-24016 RCE in Wazuh server! Severity: 10 My GitHub PoC: https://t.co/G6Nl7aP3v0 Here is the reference: https://t.co/G6Nl7aP3v0 #CVE #RCE #BugBounty #CyberSecurity #Wazuh #InfoSec #Vulnerability #Exploit #SecurityResearch https://t.

    @wgujjer11

    21 Feb 2025

    1608 Impressions

    10 Retweets

    63 Likes

    29 Bookmarks

    1 Reply

    1 Quote

  12. Wazuh — Unsafe Deserialization RCE (CVE-2025-24016) An unsafe deserialization vulnerability in Wazuh servers allows remote code execution through unsanitized dictionary injection in DAPI requests/responses 🔗 Source: https://t.co/7BCC8IJnsq #wazuh #deserialization #rce #cve h

    @HackingTeam777

    18 Feb 2025

    4265 Impressions

    43 Retweets

    101 Likes

    41 Bookmarks

    0 Replies

    0 Quotes

  13. 🛡️Does your company use WAZUH? Your servers could be SHUT DOWN in seconds. If your company uses Wazuh for monitoring and security, it could be at risk right now. A new critical vulnerability (CVE-2025-24016, CVSS 9.9) allows an attacker to: 1. Take full control of the… http

    @CycuraMX

    14 Feb 2025

    151 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  14. CVE-2025-24016 Wazuh Unsafe Deserialization RCE Detection. Nuclei template to detect the unsafe deserialization vulnerability in Wazuh servers, identified as CVE-2025-24016 https://t.co/avLMulTGdd

    @cyber_advising

    13 Feb 2025

    916 Impressions

    1 Retweet

    18 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2025-24016 Wazuh Unsafe Deserialization RCE Nuclei Template https://t.co/9nP75olF39

    @1337stif

    13 Feb 2025

    508 Impressions

    2 Retweets

    13 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  16. ⚠️⚠️ CVE-2025-24016 (CVSS 9.9): Critical RCE Vulnerability Discovered in Wazuh Server 🎯28k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔥PoC: https://t.co/vdyBHOF1w1 🔗FOFA Link:https://t.co/oYwstlQGfB FOFA Query:app="Wazuh"… https://t.co/xVgAfQRpBW

    @fofabot

    13 Feb 2025

    991 Impressions

    5 Retweets

    12 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  17. 🚨Alert🚨 CVE-2025-24016 (CVSS 9.9): Critical RCE Vulnerability Discovered in Wazuh https://t.co/NRTOsR4Flu affects versions 4.4.0 through 4.9.1. 🔥PoC:https://t.co/kSaqSg3Xhq 📊 17.8K+Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter… https://t.co/XeJHhzGTWZ h

    @HunterMapping

    13 Feb 2025

    3195 Impressions

    28 Retweets

    70 Likes

    21 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 CVE-2025-24016 ⚠️🔴 CRITICAL (9.9) 🏢 wazuh - wazuh 🏗️ >= 4.4.0, < 4.9.1 🔗 https://t.co/LqAJLXWbZd #CyberCron #VulnAlert https://t.co/gkhWZ8kVgg

    @cybercronai

    12 Feb 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 Critical RCE vulnerability discovered in Wazuh server ⚠️ CVE-2025-24016 (CVSS 9.9) https://t.co/yqQbGyHbN2… https://t.co/kXw1EMiGa3

    @doncaptador

    12 Feb 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🚨 Critical RCE vulnerability discovered in Wazuh server ⚠️ CVE-2025-24016 (CVSS 9.9) https://t.co/rwrGlIA13i https://t.co/oyz5JWxjMr

    @elhackernet

    12 Feb 2025

    9098 Impressions

    42 Retweets

    139 Likes

    46 Bookmarks

    0 Replies

    1 Quote

  21. CVE-2025-24016 (CVSS 9.9): Critical RCE Vulnerability Discovered in Wazuh Server https://t.co/CKK8iM03Lm

    @Dinosn

    12 Feb 2025

    3223 Impressions

    23 Retweets

    56 Likes

    12 Bookmarks

    0 Replies

    0 Quotes

  22. CVE-2025-24016 (CVSS 9.9): Critical RCE Vulnerability Discovered in Wazuh Server Discover the details of CVE-2025-24016, a critical security vulnerability affecting the Wazuh platform. Learn how to protect your organization from potential attacks. https://t.co/o406w7bXbF

    @the_yellow_fall

    12 Feb 2025

    1368 Impressions

    9 Retweets

    21 Likes

    6 Bookmarks

    0 Replies

    1 Quote

  23. [CVE-2025-24016: CRITICAL] Beware Wazuh users! A recent unsafe deserialization vulnerability (fixed in version 4.9.1) allows remote code execution on servers. Upgrade to stay secure! 🛡️ #cybersecurity#cybersecurity,#vulnerability https://t.co/r67gxsYOFn https://t.co/wu1Ina1ZeY

    @CveFindCom

    10 Feb 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. CVE-2025-24016 Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserial… https://t.co/f7UCK1c1bi

    @CVEnew

    10 Feb 2025

    312 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes