2 matches found
CVE-2025-15612 Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE
Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies o...
PT-2026-28277
Name of the Vulnerable Software and Affected Versions Wazuh affected versions not specified Description The software contains an insecure transport issue due to the use of the -k or --insecure flag with curl, which disables SSL/TLS certificate validation. This allows attackers with network access...