CVE-2025-24016

CVSSv4: NA | CVSSv3: 9.9 | CVSSv2: NA | VMScore: 1000 | EPSS: 0.49431 | KEV: Not Included
Published: 10/02/2025 Updated: 10/02/2025

Vulnerability Summary

Remote Code Execution in Wazuh Servers via Unsafe Deserialization Vulnerability

A remote code execution vulnerability exists in Wazuh, a free and open source threat prevention platform, affecting versions 4.4.0 through 4.9.0. The issue stems from unsafe deserialization in the DistributedAPI parameters, which are serialized as JSON and deserialized using `as_wazuh_object`. An attacker with API access can inject an unsanitized dictionary in a DAPI request/response and forge an unhandled exception (`__unhandled_exc__`) to evaluate arbitrary Python code. This vulnerability can be triggered by somebody with access to a compromised dashboard, Wazuh server in the cluster, or potentially by a compromised agent depending on specific configurations. Wazuh version 4.9.1 includes a fix for this security issue.
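A detection check for the pattern described above, as an added example (not code from Wazuh or from this page): it flags any JSON body that carries the `__unhandled_exc__` key at any depth, including under duplicate keys that a plain dict parse would hide. The function name, the verdict strings and the sample bodies are assumptions constructed for illustration, as is running it in a proxy or log review in front of the API.

```python
import json

# Key named in the advisory; a client-supplied JSON body has no reason to carry it.
MARKER = "__unhandled_exc__"


class _Obj(list):
    """A JSON object kept as (key, value) pairs so duplicate keys are not lost."""


def find_marker(body):
    """Return (verdict, paths); verdict is 'clean', 'suspicious' or 'unparseable'."""
    try:
        doc = json.loads(body, object_pairs_hook=_Obj)
    except (ValueError, RecursionError):
        return "unparseable", []  # log and reject rather than pass through
    hits, stack = [], [("$", doc)]
    while stack:  # iterative walk: no recursion limit to trip on deep nesting
        path, node = stack.pop()
        if isinstance(node, _Obj):
            for key, value in node:
                child = f"{path}.{key}"
                if key == MARKER:
                    hits.append(child)
                stack.append((child, value))
        elif isinstance(node, list):
            for i, value in enumerate(node):
                stack.append((f"{path}[{i}]", value))
    return ("suspicious" if hits else "clean"), sorted(hits)


# Constructed sample bodies (not captured traffic); marker values are left empty.
SAMPLES = {
    "normal": '{"name": "agent-01", "groups": ["default"]}',
    "nested": '{"params": [{"auth": {"__unhandled_exc__": null}}]}',
    # A plain dict would keep only the last "a" and hide the marker.
    "duplicate": '{"a": {"__unhandled_exc__": null}, "a": 1}',
    "broken": '{"name": ',
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, *find_marker(body))
```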

Vulnerable Product

wazuh wazuh

Github Repositories

CVE-2025-24016

Evil-Wazuh-Lab

Evil Wazuh Lab (EWL). EWL is a project that pretends to provide a controlled environment pointing to cyber-training (initially from a "Home Lab and CTF style" perspective, but future work will seek real-world applicability), and it is based on the recently discovered vulnerability in Wazuh, specifically CVE-2025-24016. EWL is inspired by this highly detailed post,

CVE-2025-24016 Wazuh Unsafe Deserialization RCE Detection

This repository contains a Nuclei template to detect the unsafe deserialization vulnerability in Wazuh servers, identified as CVE-2025-24016.

Template Details

id: wazuh-unsafe-deserialization
info:
  name: "Wazuh Unsafe Deserialization RCE Detection"
  author: "Hüseyin TINTAŞ"
  severity: critic

A critical RCE vulnerability has been identified in the Wazuh server due to unsafe deserialization in the wazuh-manager package. This bug affects Wazuh versions ≥ 4.4.0 and has been patched in version 4.9.1.

CVE-2025-24016-Wazuh-Remote-Code-Execution-RCE---PoC

A critical RCE vulnerability has been identified in the Wazuh server due to unsafe deserialization in the wazuh-manager package. This bug affects Wazuh versions ≥ 4.4.0 and has been patched in version 4.9.1.