CVE-2025-30201

Exploit

EPSS 0.18%
Veröffentlicht 21.11.2025 18:17:37
Zuletzt bearbeitet 02.12.2025 16:45:54
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially leading NTLM relay attacks that would result privilege escalation and remote code execution. This issue has been patched in version 4.13.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wazuh ≫ Wazuh Version < 4.13.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.402

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	2.3	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
security-advisories@github.com	7.7	1.3	5.8	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

CWE-294 Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

https://github.com/wazuh/wazuh/security/advisories/GHSA-x697-jf34-gp5x

Vendor Advisory

Exploit

https://github.com/wazuh/wazuh/pull/30060

Issue Tracking

https://github.com/wazuh/wazuh/commit/688972da589e5d40d2a81bcd738240303a3dc45a

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-30201

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-30201

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-30201

EUVD