Wazuh Server Deserialization of Untrusted Data Vulnerability
Overdue
Wazuh / Wazuh Server
CWE-502
Description
Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
References
Additional Information
- Catalog Version
- 2025.06.10
- Catalog Released
- June 10, 2025
- Days Until Due
- 0 days
- Last Updated
- 3 months, 1 week ago