Buffer Over-Read Vulnerability in Wazuh Platform by Wazuh
CVE-2025-62787

2.1 LOW

Key Information:

Vendor

Wazuh

Status
Vendor
CVE Published:
29 October 2025

What is CVE-2025-62787?

Wazuh, an open-source platform for threat prevention, detection, and response, has a buffer over-read vulnerability in versions prior to 4.10.2. The issue arises in the DecodeWinevt() function when child_attr[p]->attributes[j] is accessed, because the index (j) can be incorrect. A malicious actor can trigger the over-read by sending specially crafted messages to the Wazuh manager. If certain configuration options (analysisd.debug=2) are applied, sensitive information may be exposed through unauthorized READ operations that extend beyond the designated buffer limits. The issue has been remediated in version 4.10.2.

Affected Version(s)

wazuh < 4.10.2
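
A defender-side check for the two conditions named in the description (a manager version below 4.10.2, and analysisd.debug=2), as an added example that is not part of the original page or Wazuh's own code. It assumes the version string and the contents of internal_options.conf and local_internal_options.conf have already been read from the manager; the function names and sample inputs are constructed for illustration.

```python
import re

FIXED = (4, 10, 2)  # first fixed release according to the advisory text

def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'v4.9.1'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def analysisd_debug(*configs):
    """Effective analysisd.debug level. Pass file contents in load order:
    later files override earlier ones. Assumption: level is 0 when unset."""
    level = 0
    for conf in configs:
        for raw in conf.splitlines():
            line = raw.split("#", 1)[0].strip()  # drop comments
            m = re.fullmatch(r"analysisd\.debug\s*=\s*(\d+)", line)
            if m:
                level = int(m.group(1))
    return level

def assess(version_text, *configs):
    """Classify a manager against the two conditions in the advisory."""
    # Compare as integer tuples: as strings, "4.9.1" sorts after "4.10.2".
    if parse_version(version_text) >= FIXED:
        return "patched"
    if analysisd_debug(*configs) == 2:
        return "vulnerable: leak condition met"
    return "vulnerable: analysisd.debug is not 2"

# Constructed sample inputs (not taken from a real system).
DEFAULTS = "# internal_options.conf\nanalysisd.debug=0\n"
LOCAL = "# local_internal_options.conf\nanalysisd.debug = 2  # troubleshooting\n"

if __name__ == "__main__":
    for version, files in [("v4.9.1", (DEFAULTS, LOCAL)),
                           ("v4.9.1", (DEFAULTS,)),
                           ("v4.10.2", (DEFAULTS, LOCAL))]:
        print(version, "->", assess(version, *files))
```

A "vulnerable" result with debug below 2 still calls for the upgrade to 4.10.2, since the description ties only the information exposure, not the over-read itself, to that setting.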

References

CVSS V4

Score:
2.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
