Insecure Transport Vulnerability in Wazuh Provisioning Scripts and Dockerfiles
CVE-2025-15612

6.3 MEDIUM

What is CVE-2025-15612?

The vulnerability arises from the use of the -k/--insecure flag with curl in Wazuh provisioning scripts and Dockerfiles, which disables SSL/TLS certificate validation. This flaw exposes the build process to potential man-in-the-middle attacks, allowing malicious actors with network access to intercept and tamper with downloaded dependencies or code, thereby compromising the integrity of the software supply chain and leading to unauthorized remote code execution.
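An added example, not code from Wazuh or from this advisory: a Python check that reports the line numbers of curl commands using -k/--insecure in Dockerfile or shell script text, covering bundled short options (-fsSLk) and backslash-continued lines. The function names, the list of value-taking curl options and the sample input are assumptions made for this example.

```python
import shlex
from itertools import takewhile

# Short curl options that take a value: in -okey.pem the rest is data, not flags.
# Common subset only (an assumption of this example).
VALUE_OPTS = set("AbCcDdEeFHKmoPQrTtUuwXxYyz")
SEPARATORS = set("();<>|&")   # shell operators that end a command

def disables_tls_check(args):
    """True if curl arguments contain -k/--insecure as an actual flag."""
    it = iter(args)
    for a in it:
        if a == "--insecure":
            return True
        if a.startswith("-") and not a.startswith("--"):
            for i, ch in enumerate(a[1:], 1):
                if ch == "k":
                    return True
                if ch in VALUE_OPTS:
                    if i == len(a) - 1:
                        next(it, None)   # value is the following token
                    break
    return False

def find_insecure_curl(text):
    """Return starting line numbers of curl commands that skip certificate checks."""
    hits, no = [], 1
    for raw in text.replace("\\\n", "\0").split("\n"):   # join continued lines
        lex = shlex.shlex(raw.replace("\0", " "), posix=True, punctuation_chars=True)
        lex.whitespace_split = True
        try:
            tokens = list(lex)
        except ValueError:               # unbalanced quote: fall back to naive split
            tokens = raw.replace("\0", " ").split()
        for i, tok in enumerate(tokens):
            if tok == "curl" or tok.endswith("/curl"):
                args = takewhile(lambda t: not (t and set(t) <= SEPARATORS), tokens[i + 1:])
                if disables_tls_check(args) and no not in hits:
                    hits.append(no)
        no += raw.count("\0") + 1        # advance past the joined physical lines
    return hits

# Constructed sample input (placeholder hosts); lines 1 and 4 disable validation.
SAMPLE = """\
RUN curl -fsSLk https://packages.example.invalid/tool.tar.gz \\
    -o /tmp/tool.tar.gz
RUN curl -fsSL -o k.tar.gz https://packages.example.invalid/k.tar.gz
RUN apt-get update && curl --insecure -O https://packages.example.invalid/a.deb; ls
RUN curl -H "X-Note: -k" -okey.pem https://packages.example.invalid/key.pem
"""
```

Run as a CI gate over provisioning scripts and Dockerfiles, a non-empty result from find_insecure_curl fails the build before any dependency is fetched without certificate validation.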

Affected Version(s)

Wazuh Provisioning Scripts (Agent Build Environment) >= 4.1.3

Wazuh Provisioning Scripts (Agent Build Environment) >= 4.14.0

CVSS V4

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

JLLeitschuh
vikman90