CVE-2025-24016

Published Feb 10, 2025

Last updated 12 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-24016 is a critical remote code execution (RCE) vulnerability found in the Wazuh security platform, versions 4.4.0 through 4.9.0. It allows attackers to execute arbitrary code on affected Wazuh servers. The vulnerability arises from unsafe deserialization of DistributedAPI (DAPI) parameters. These parameters are serialized as JSON and then deserialized using the `as_wazuh_object` function. Attackers can exploit this by injecting a malicious, unsanitized dictionary into a DAPI request or response, leading to the execution of arbitrary Python code. This vulnerability can be exploited by anyone with API access, potentially including compromised dashboards, other Wazuh servers within a cluster, or even compromised agents, depending on the configuration. Wazuh has addressed this vulnerability in version 4.9.1. Users are strongly encouraged to update to this version to mitigate the risk of exploitation.

Description
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary in a DAPI request/response, they can forge an unhandled exception (`__unhandled_exc__`) to evaluate arbitrary Python code. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. Version 4.9.1 contains a fix.
Source: security-advisories@github.com
NVD status: Received
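
A defender-side triage check, added here as an illustration (it is not Wazuh code and does not come from the advisory): it walks a captured API request or response body for the `__unhandled_exc__` key named in the description and tests a version string against the affected range. The function names, the constructed sample bodies and the handling of JSON embedded in string values are assumptions.

```python
import json

SENTINEL = "__unhandled_exc__"  # key named in the description above

def find_sentinel(node, path="$"):
    """Return the JSON paths at which the sentinel key occurs, at any depth."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == SENTINEL:
                hits.append(child)
            hits.extend(find_sentinel(value, child))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(find_sentinel(value, f"{path}[{i}]"))
    elif isinstance(node, str) and node.lstrip()[:1] in ("{", "["):
        # Assumption: a parameter may carry JSON re-encoded as a string.
        try:
            hits.extend(find_sentinel(json.loads(node), path + "<json>"))
        except (ValueError, RecursionError):
            pass
    return hits

def triage(raw_body):
    """Classify one body as 'flag', 'clean' or 'unparseable', with hit paths."""
    try:
        doc = json.loads(raw_body)
    except (ValueError, TypeError, RecursionError):
        return "unparseable", []
    hits = find_sentinel(doc)
    return ("flag" if hits else "clean"), hits

def is_affected(version):
    """True for 4.4.0 <= version < 4.9.1, the range stated on this page."""
    parts = tuple(int(p) for p in version.lstrip("v").split(".")[:3])
    return (4, 4, 0) <= parts < (4, 9, 1)

# Constructed sample bodies (not real traffic).
SAMPLES = [
    '{"name": "agent-01", "groups": ["default"]}',
    '{"params": {"filter": [{"__unhandled_exc__": {"note": "constructed"}}]}}',
    '{"payload": "{\\"__unhandled_exc__\\": {}}"}',
    "not json",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(triage(body), body)
```

A hit is an indicator worth investigating on a server in the affected range, not proof of compromise; upgrading to 4.9.1 remains the fix the page states.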

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.9
Impact score: 6
Exploitability score: 3.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
Severity: CRITICAL

Weaknesses

security-advisories@github.com
CWE-502

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. 🚨 🔥 CVE-2025-24016: Wazuh Exploit Allows RCE via Insecure Deserialization https://t.co/ZmxpjQ3qZI

    @tpx_Security

    22 Feb 2025

    114 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. [1day1line] CVE-2025-24016: RCE Vulnerability due to Insecure Deserialization in Wazuh Manager https://t.co/6rgGe3pxgy Hello, this is empty. Today's 1day1line is CVE-2025-24016, an RCE vulnerability caused by insecure deserialization in Wazuh, an open source SIEM. The… https://

    @hackyboiz

    22 Feb 2025

    331 Impressions

    6 Retweets

    6 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  3. Alhamdulillah, I’ve released a PoC for CVE-2025-24016 RCE in Wazuh server! Severity: 10 My GitHub PoC: https://t.co/G6Nl7aP3v0 Here is the reference: https://t.co/G6Nl7aP3v0 #CVE #RCE #BugBounty #CyberSecurity #Wazuh #InfoSec #Vulnerability #Exploit #SecurityResearch https://t.

    @wgujjer11

    21 Feb 2025

    1608 Impressions

    10 Retweets

    63 Likes

    29 Bookmarks

    1 Reply

    1 Quote

  4. Wazuh — Unsafe Deserialization RCE (CVE-2025-24016) An unsafe deserialization vulnerability in Wazuh servers allows remote code execution through unsanitized dictionary injection in DAPI requests/responses 🔗 Source: https://t.co/7BCC8IJnsq #wazuh #deserialization #rce #cve h

    @HackingTeam777

    18 Feb 2025

    4265 Impressions

    43 Retweets

    101 Likes

    41 Bookmarks

    0 Replies

    0 Quotes

  5. 🛡️ Does your company use WAZUH? Your servers could be SHUT DOWN in seconds. If your company uses Wazuh for monitoring and security, it could be at risk right now. A new critical vulnerability (CVE-2025-24016, CVSS 9.9) allows an attacker to: 1. Take full control of the… http

    @CycuraMX

    14 Feb 2025

    151 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  6. CVE-2025-24016 Wazuh Unsafe Deserialization RCE Detection. Nuclei template to detect the unsafe deserialization vulnerability in Wazuh servers, identified as CVE-2025-24016 https://t.co/avLMulTGdd

    @cyber_advising

    13 Feb 2025

    916 Impressions

    1 Retweet

    18 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-24016 Wazuh Unsafe Deserialization RCE Nuclei Template https://t.co/9nP75olF39

    @1337stif

    13 Feb 2025

    508 Impressions

    2 Retweets

    13 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  8. ⚠️⚠️ CVE-2025-24016 (CVSS 9.9): Critical RCE Vulnerability Discovered in Wazuh Server 🎯28k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔥PoC: https://t.co/vdyBHOF1w1 🔗FOFA Link:https://t.co/oYwstlQGfB FOFA Query:app="Wazuh"… https://t.co/xVgAfQRpBW

    @fofabot

    13 Feb 2025

    991 Impressions

    5 Retweets

    12 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨Alert🚨 CVE-2025-24016 (CVSS 9.9): Critical RCE Vulnerability Discovered in Wazuh https://t.co/NRTOsR4Flu affects versions 4.4.0 through 4.9.1. 🔥PoC:https://t.co/kSaqSg3Xhq 📊 17.8K+Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter… https://t.co/XeJHhzGTWZ h

    @HunterMapping

    13 Feb 2025

    3195 Impressions

    28 Retweets

    70 Likes

    21 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 CVE-2025-24016 ⚠️🔴 CRITICAL (9.9) 🏢 wazuh - wazuh 🏗️ >= 4.4.0, < 4.9.1 🔗 https://t.co/LqAJLXWbZd #CyberCron #VulnAlert https://t.co/gkhWZ8kVgg

    @cybercronai

    12 Feb 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 Critical RCE vulnerability discovered in the Wazuh server ⚠️ CVE-2025-24016 (CVSS 9.9) https://t.co/yqQbGyHbN2… https://t.co/kXw1EMiGa3

    @doncaptador

    12 Feb 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨 Critical RCE vulnerability discovered in the Wazuh server ⚠️ CVE-2025-24016 (CVSS 9.9) https://t.co/rwrGlIA13i https://t.co/oyz5JWxjMr

    @elhackernet

    12 Feb 2025

    9098 Impressions

    42 Retweets

    139 Likes

    46 Bookmarks

    0 Replies

    1 Quote

  13. CVE-2025-24016 (CVSS 9.9): Critical RCE Vulnerability Discovered in Wazuh Server https://t.co/CKK8iM03Lm

    @Dinosn

    12 Feb 2025

    3223 Impressions

    23 Retweets

    56 Likes

    12 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-24016 (CVSS 9.9): Critical RCE Vulnerability Discovered in Wazuh Server Discover the details of CVE-2025-24016, a critical security vulnerability affecting the Wazuh platform. Learn how to protect your organization from potential attacks. https://t.co/o406w7bXbF

    @the_yellow_fall

    12 Feb 2025

    1368 Impressions

    9 Retweets

    21 Likes

    6 Bookmarks

    0 Replies

    1 Quote

  15. [CVE-2025-24016: CRITICAL] Beware Wazuh users! A recent unsafe deserialization vulnerability (fixed in version 4.9.1) allows remote code execution on servers. Upgrade to stay secure! 🛡️ #cybersecurity#cybersecurity,#vulnerability https://t.co/r67gxsYOFn https://t.co/wu1Ina1ZeY

    @CveFindCom

    10 Feb 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2025-24016 Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserial… https://t.co/f7UCK1c1bi

    @CVEnew

    10 Feb 2025

    312 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes