CNNVD-202511-2451 Information
CNNVD ID
CNNVD-202511-2451
Related CVE
- CNNVD Published: 2025-11-21
Description (Chinese)
Wazuh是Wazuh开源的一个应用软件。用于收集,汇总,索引和分析安全数据,帮助组织检测入侵,威胁和行为异常。 Wazuh 4.13.0之前版本存在安全漏洞,该漏洞源于认证攻击者可通过恶意UNC路径强制NTLM身份验证,可能导致NTLM中继攻击,进而导致权限提升和远程代码执行。
Description (English)
Wazuh is an application from the Wazuh Open Source. For collection, aggregation, indexing and analysis of security data to help the organization detect invasions, threats and behavioural anomalies. There was a security loophole in the pre-Wazuh 4.13.0 version, which stemmed from the fact that a certified attacker could enforce NTLM identification through a malicious UNC path, which could lead to a NTLM repeat attack, which in turn could lead to a power upgrade and remote code enforcement.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Wazuh
Published
2025-11-21
Last Modified
2026-02-24
References
https://github.com/wazuh/wazuh/security/advisories/GHSA-x697-jf34-gp5x https://github.com/wazuh/wazuh/pull/30060 https://github.com/wazuh/wazuh/commit/688972da589e5d40d2a81bcd738240303a3dc45a https://access.redhat.com/security/cve/cve-2025-30201
Patch
https://github.com/wazuh/wazuh/releases
Share on: