Description

Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the /utils/configuration endpoint. These credentials can be used to register new agents within the same Wazuh tenant without requiring elevated permissions through the UI. This issue has been patched in version 4.13.0.

PUBLISHED Reserved 2025-11-05 | Published 2025-11-21 | Updated 2025-11-21 | Assigner GitHub_M




MEDIUM: 5.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-284: Improper Access Control

Product status

>= 4.9.0, < 4.13.0: affected

References

github.com/...lugins/security/advisories/GHSA-gwf3-8gm3-qrmj

cve.org (CVE-2025-64483)

nvd.nist.gov (CVE-2025-64483)