Skip to main content

Wazuh Provisioning Scripts Agent Build Environment

1 CVEs product

Monthly

CVE-2025-15612 MEDIUM This Month

Wazuh provisioning scripts and container build environments disable SSL/TLS certificate validation by invoking curl with the -k/--insecure flag, enabling man-in-the-middle attackers to intercept and modify downloaded dependencies during the build process and achieve remote code execution within the agent build infrastructure and supply chain. Unauthenticated network attackers with positioning on the network path can exploit this with moderate complexity to compromise the integrity of Wazuh agent builds, affecting all downstream deployments. No public exploit code or active exploitation has been confirmed at the time of analysis.

RCE Wazuh Provisioning Scripts Agent Build Environment
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
EPSS 0% CVSS 6.3
MEDIUM This Month

Wazuh provisioning scripts and container build environments disable SSL/TLS certificate validation by invoking curl with the -k/--insecure flag, enabling man-in-the-middle attackers to intercept and modify downloaded dependencies during the build process and achieve remote code execution within the agent build infrastructure and supply chain. Unauthenticated network attackers with positioning on the network path can exploit this with moderate complexity to compromise the integrity of Wazuh agent builds, affecting all downstream deployments. No public exploit code or active exploitation has been confirmed at the time of analysis.

RCE Wazuh Provisioning Scripts Agent Build Environment
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy