9.1

CVE-2025-30201

Exploit

Wazuh NetNTLMv2 Hash Theft In Multiple Centralized Configuration Capabilities

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially leading to NTLM relay attacks that would result in privilege escalation and remote code execution. This issue has been patched in version 4.13.0.
Data provided by the National Vulnerability Database (NVD)
Wazuh Wazuh Version < 4.13.0
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.69% | 0.478
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 9.1 | 2.3 | 6 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
security-advisories@github.com | 7.7 | 1.3 | 5.8 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
CWE-294 Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

https://github.com/wazuh/wazuh/security/advisories/GHSA-x697-jf34-gp5x (Vendor Advisory, Exploit)
https://github.com/wazuh/wazuh/pull/30060 (Issue Tracking)
https://github.com/wazuh/wazuh/commit/688972da589e5d40d2a81bcd738240303a3dc45a (Patch)