Missing ACL Vulnerability in Wazuh Agent Exposing Passwords
CVE-2025-54866

1.8 LOW

Key Information:

Vendor

Wazuh

Status
Vendor
CVE Published:
21 November 2025

What is CVE-2025-54866?

The Wazuh Agent, a key component of the open-source security platform for threat detection and response, is vulnerable because the file 'C:\Program Files (x86)\ossec-agent\authd.pass' is missing an Access Control List. As a result, any authenticated user on the local machine can gain unauthorized access to sensitive authentication credentials. The vulnerability is fixed in version 4.13.0 of the Wazuh Agent, which implements appropriate ACL settings to secure the password information.
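
A defender-side audit for the condition described above, as an added example that is not part of the original advisory or Wazuh's own code: it reports every Allow entry on authd.pass that grants read access to a principal other than SYSTEM or the built-in Administrators group. The trusted-SID list is an assumption about what a restrictive ACL should contain, not a statement of the ACL that version 4.13.0 applies.

```powershell
# Added example: audit who can read the Wazuh agent's authd.pass file.
param(
    # Path as given in the advisory; override for non-default installs.
    [string]$Path = 'C:\Program Files (x86)\ossec-agent\authd.pass'
)

# Assumption: only these principals should be able to read the file.
$TrustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

# Access bits that expose file contents:
# FILE_READ_DATA (0x1), GENERIC_ALL (0x10000000), GENERIC_READ (0x80000000).
$ReadMask = 0x1 -bor 0x10000000 -bor 0x80000000

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    Write-Output "Not found: $Path (nothing to audit on this host)"
    return
}

$acl = Get-Acl -LiteralPath $Path
$findings = foreach ($rule in $acl.Access) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    if (([int]$rule.FileSystemRights -band $ReadMask) -eq 0) { continue }
    try {
        # Compare by SID so localized or renamed group names do not matter.
        $sid = $rule.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $sid = $rule.IdentityReference.Value   # unresolvable: report as-is
    }
    if ($TrustedSids -notcontains $sid) {
        [pscustomobject]@{
            Identity  = $rule.IdentityReference.Value
            Sid       = $sid
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

if ($findings) {
    Write-Warning "$Path is readable by principals outside the trusted set:"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "OK: only trusted principals can read $Path"
}
```

Entries reported with `Inherited = True` come from the parent directory's ACL, so the file itself carries no restricting entry of its own.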

Affected Version(s)

wazuh >= 4.3.0, < 4.13.0

CVSS V4

Score: 1.8
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
