4.8
CVE-2025-15612
wazuh · wazuh provisioning scripts (agent build environment)

Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE

Description

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies or code during the build process, leading to remote code execution and supply chain compromise.

Affected Products

Vendor | Product | Versions
wazuh | wazuh provisioning scripts (agent build environment) | >=4.1.3, >=4.13.0

References

  • https://github.com/wazuh/wazuh/security/advisories/GHSA-wvg9-7q49-c7mg (vendor-advisory)
  • https://www.vulncheck.com/advisories/various-uses-of-curl-without-verifying-the-authenticity-of-the-ssl-certificate-leading-to-mitm-rce-in-build-infrastructure (third-party-advisory)

Related News (3 articles)

Tier B · BSI Advisories · 7h ago
[NEW] [medium] Wazuh: Multiple vulnerabilities
→ No new info (linked only)

Tier C · VulDB · 2d ago
CVE-2025-15612 | Wazuh up to 4.1.3/4.13.x TLS Certificate Validation certificate validation (GHSA-wvg9-7q49-c7mg)
→ No new info (linked only)

Tier C · VulDB · 2d ago
CVE-2025-15612 | Wazuh up to 4.1.3/4.13.x TLS Certificate Validation certificate validation (GHSA-wvg9-7q49-c7mg)
→ No new info (linked only)

CVSS 3.1: 4.8 CRITICAL
CISA KEV: No
Actively exploited: No
CWE: CWE-295, CWE-829
Published: 3/27/2026
Last enriched: 2d ago (v3)
Tags: CVE-2025-15612
Trending Score: 41
Source articles: 3
Independent: 2
Info Completeness: 8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

  • CRITICAL · CVE-2025-15615 · EXP · Trending: 77
    Wazuh Manager authd service Improper SSL/TLS Renegotiation Handling leading to Denial of Service
  • NONE · CVE-2023-7340 · EXP · Trending: 74
    Wazuh authd service (os_auth) Heap-based Buffer Overflow
  • CRITICAL · CVE-2025-15616 · EXP · Trending: 68
    Wazuh Agent and Manager OS Command Injection and Untrusted Search Path
  • LOW · CVE-2026-32984 · EXP · Trending: 24
    Heap buffer overflow in wazuh-authd
  • HIGH · CVE-2025-15617 · Trending: 19
    Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • Mar 27, 2026: CVE Published
  • Mar 27, 2026: Discovered by ZDM
  • Mar 27, 2026: Updated: severity, tags
  • Mar 28, 2026: Updated: affectedVersions

Version History

Current: v3, last enriched 2d ago

v3 · Tier C · 2d ago
Updated affected versions to include >=4.13.0 and corrected exploit availability to false.
Fields: affectedVersions (via VulDB)

v2 · Tier C · 2d ago
Updated severity to CRITICAL, noted no exploit available, and added CVE-2025-15612 as a tag.
Fields: severity, tags (via VulDB)

v1 · 2d ago
Initial creation