CNNVD-202510-3977 Information

CNNVD ID

CNNVD-202510-3977

Related CVE

CVE-2025-62787

• CNNVD Published: 2025-10-29

Description (Chinese)

Wazuh是Wazuh开源的一个应用软件。用于收集，汇总，索引和分析安全数据，帮助组织检测入侵，威胁和行为异常。 Wazuh 4.10.2之前版本存在安全漏洞，该漏洞源于DecodeWinevt函数中存在缓冲区过度读取，可能导致敏感数据泄露。

Description (English)

Wazuh is an application from the Wazuh Open Source. For collection, aggregation, indexing and analysis of security data to help the organization detect invasions, threats and behavioural anomalies. There was a security loophole in the pre-Wazuh 4.10.2 version, which stemmed from the overreading of the buffer zone in the Decode Winevt function, which could lead to the leakage of sensitive data.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

Wazuh

Published

2025-10-29

Last Modified

2026-02-24

References

https://github.com/wazuh/wazuh/commit/267d5d55de490469a9ec24a2b936bb3c5aa8fdda https://github.com/wazuh/wazuh/security/advisories/GHSA-3hhq-5367-98q6 https://access.redhat.com/security/cve/cve-2025-62787

Patch

https://wazuh.com/