CVE-2025-15616 Wazuh Agent and Manager OS Command Injection and Untrusted Search Path

🗓️ 27 Mar 2026 16:38:20Reported by VulnCheckType

Wazuh agent and manager have shell injection and path traversal flaws enabling remote code execution.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2025-15616	27 Mar 202616:38	–	attackerkb
CNNVD	Wazuh 代码注入漏洞	27 Mar 202600:00	–	cnnvd
CVE	CVE-2025-15616	27 Mar 202616:38	–	cve
EUVD	EUVD-2025-209103	27 Mar 202618:31	–	euvd
NVD	CVE-2025-15616	27 Mar 202617:16	–	nvd
Positive Technologies	PT-2026-28279	27 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-15616	28 Mar 202616:59	–	redhatcve
Vulnrichment	CVE-2025-15616 Wazuh Agent and Manager OS Command Injection and Untrusted Search Path	27 Mar 202616:38	–	vulnrichment

[
  {
    "vendor": "Wazuh",
    "product": "wazuh-agent",
    "packageName": "wazuh-agent",
    "versions": [
      {
        "version": "2.1.0",
        "lessThan": "4.8.0",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Wazuh",
    "product": "wazuh-manager",
    "packageName": "wazuh-manager",
    "versions": [
      {
        "version": "2.1.0",
        "lessThan": "4.8.0",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
github	www.github.com/wazuh/wazuh/security/advisories/GHSA-522v-p59v-58gm
vulncheck	www.vulncheck.com/advisories/multiple-vulnerabilities-related-to-shell-injection-and-path-traversal-flaws

27 Mar 2026 19:46Current

CVSS 3.16.7

CVSS 47.1

EPSS0.01625

CWE-94