CVE-2025-24016: Wazuh server vulnerable to remote code execution

April 22, 2025

An unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent.

References

github.com/advisories/GHSA-hcrc-79hj-m3qh
github.com/wazuh/wazuh
github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh
nvd.nist.gov/vuln/detail/CVE-2025-24016

Code Behaviors & Features

Detect and mitigate CVE-2025-24016 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →