CNNVD-202511-2453 Information

CNNVD ID

CNNVD-202511-2453

Related CVE

CVE-2025-64483

• CNNVD Published: 2025-11-21

Description (Chinese)

Wazuh是Wazuh开源的一个应用软件。用于收集，汇总，索引和分析安全数据，帮助组织检测入侵，威胁和行为异常。 Wazuh 4.9.0版本至4.13.0之前版本存在访问控制错误漏洞，该漏洞源于API配置不当，可能导致未经授权的代理注册。

Description (English)

Wazuh is an application from the Wazuh Open Source. For collection, aggregation, indexing and analysis of security data to help the organization detect invasions, threats and behavioural anomalies. Wazuh 4.9.0 to 41.3.0 had access control error loopholes, which stemmed from the inappropriate API configuration and could lead to unauthorized agency registration.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

Wazuh

Published

2025-11-21

Last Modified

2026-02-24

References

https://github.com/wazuh/wazuh-dashboard-plugins/security/advisories/GHSA-gwf3-8gm3-qrmj https://access.redhat.com/security/cve/cve-2025-64483

Patch

https://github.com/wazuh/wazuh/releases