CNNVD-202511-2448 Information
CNNVD ID
CNNVD-202511-2448
Related CVE
- CNNVD Published: 2025-11-21
Description (Chinese)
Wazuh是Wazuh开源的一个应用软件。用于收集,汇总,索引和分析安全数据,帮助组织检测入侵,威胁和行为异常。 Wazuh 4.3.0版本至4.13.0之前版本存在安全漏洞,该漏洞源于authd.pass文件缺少ACL,可能导致密码泄露。
Description (English)
Wazuh is an application from the Wazuh Open Source. For collection, aggregation, indexing and analysis of security data to help the organization detect invasions, threats and behavioural anomalies. Wazuh 4.3.0 to 41.3.0 had a security loophole, which stemmed from the lack of ACL in the mouthd.pass file and could lead to a password leak.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
Wazuh
Published
2025-11-21
Last Modified
2026-02-24
References
https://github.com/wazuh/wazuh/commit/606f19e688944ebe5d28d72eb81ac36f8fffb143 https://github.com/wazuh/wazuh/security/advisories/GHSA-mvfx-ph7m-qm37 https://github.com/wazuh/wazuh/pull/31187 https://github.com/wazuh/wazuh/releases/tag/v4.13.0 https://access.redhat.com/security/cve/cve-2025-54866
Patch
https://github.com/wazuh/wazuh/releases
Share on: