anonhaven
Ad

CVE-2025-30201

HIGH CVSS 3.1: 7.7 EPSS 0.28%
Updated Dec 02, 2025
Wazuh
Parameter Value
CVSS 7.7 (HIGH)
Affected Versions before 4.13.0
Fixed In 4.13.0
Type CWE-294 (Authentication Bypass by Capture-Replay), CWE-73 (External Control of File Name or Path)
Vendor Wazuh
Public PoC No

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially leading NTLM relay attacks that would result privilege escalation and remote code execution. This issue has been patched in version 4.13.0.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
High
Difficult to exploit
Privileges Required
High
Admin privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-294 Authentication Bypass by Capture-Replay
CWE-73 External Control of File Name or Path

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Wazuh Wazuh
cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*
 4.13.0

References 3

https://github.com/wazuh/wazuh/commit/688972da589e5d40d2a81bcd738240303a3dc45a
security-advisories@github.com
https://github.com/wazuh/wazuh/pull/30060
security-advisories@github.com
https://github.com/wazuh/wazuh/security/advisories/GHSA-x697-jf34-gp5x
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-25770

Wazuh

9.1

CVE-2026-25769

Wazuh

9.1

CVE-2025-64483

Wazuh

5.3

CVE-2025-62792

Wazuh

7.5

CVE-2025-62791

Wazuh

7.5