CVE-2025-15617

Exploit

EPSS 0.39%
Veröffentlicht 27.03.2026 18:16:03
Zuletzt bearbeitet 31.03.2026 17:58:15
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials

Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits or altering release tags.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wazuh ≫ Wazuh Version4.12.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.303

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com	8.3	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
disclosure@vulncheck.com	6.5	2.2	4.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://github.com/wazuh/wazuh/security/advisories/GHSA-6xqr-4q5g-xc7x

Vendor Advisory

Exploit

https://www.vulncheck.com/advisories/exposure-of-the-github-token-in-wazuh-workflow-run-artifact

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-15617

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-15617

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-15617

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-15617