Wazuh Server 4.0.0 < 4.14.3 RCE

The version of Wazuh Server on the remote host is at least 4.0.0 and prior to 4.14.3. It is, therefore, affected by a remote code execution vulnerability: - A deserialization of untrusted data vulnerability exists in Wazuh's cluster mode master/worker architecture. An attacker who gains access to...

Wazuh server remote code execution caused by an unsafe deserialization vulnerability.

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are serialized as JSON and...

📄 Wazuh Server Remote Code Execution

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are serialized as JSON and...

Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks

A now-patched critical security flaw in the Wazur Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct distributed denial-of-service DDoS attacks. Akamai, which first discovered the exploitation efforts in late March 2025, said the malicio...

Wazuh Server 4.4.0 < 4.9.1 RCE

The version of Wazuh Server on the remote host is at least 4.4.0 and prior to 4.9.1. It is, therefore, affected by a remote code execution vulnerability: - Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh...

Wazuh Server Installed (Linux / UNIX)

Binary data wazuhservernixinstalled.nbin...

Wazuh server vulnerable to remote code execution

Summary An unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. The vulnerability can be triggered by anybody with API access compromised dashboard or Wazuh servers in the cluster or, in certain configurations, even by a compromised agent. Details DistributedAPI...

GHSA-HCRC-79HJ-M3QH Wazuh server vulnerable to remote code execution

Summary An unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. The vulnerability can be triggered by anybody with API access compromised dashboard or Wazuh servers in the cluster or, in certain configurations, even by a compromised agent. Details DistributedAPI...

GO-2025-3459 Remote code execution in Wazuh server in github.com/wazuh/wazuh

Remote code execution in Wazuh server in github.com/wazuh/wazuh...

CVE-2025-24016 Remote code execution in Wazuh server

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialized as JSON and...

CVE-2025-24016 Remote code execution in Wazuh server

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialized as JSON and...