Zero Day Monitor (ZDM)
6.7
CVE-2025-15616 · EXPLOITED
wazuh · wazuh-agent

Wazuh Agent and Manager OS Command Injection and Untrusted Search Path

Description

Wazuh wazuh-agent and wazuh-manager versions from 2.1.0 up to but not including 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through various components, including logcollector configuration, maild SMTP server tags, and Kaspersky AR script parameters. Attackers can exploit these vulnerabilities by injecting malicious commands through configuration files, SMTP server settings, and custom flags to achieve remote code execution on affected systems.

Affected Products

Vendor | Product | Versions
wazuh | wazuh-agent | 2.1.0, 2.1.0, 4.7.x

References

  • https://github.com/wazuh/wazuh/security/advisories/GHSA-522v-p59v-58gm (vendor-advisory)
  • https://www.vulncheck.com/advisories/multiple-vulnerabilities-related-to-shell-injection-and-path-traversal-flaws (third-party-advisory)

Related News (3 articles)

Tier B · BSI Advisories · 7h ago
[NEW] [medium] Wazuh: Multiple vulnerabilities
→ No new info (linked only)
Tier C · VulDB · 2d ago
CVE-2025-15616 | Wazuh up to 4.7.x code injection (GHSA-522v-p59v-58gm)
→ No new info (linked only)
Tier C · VulDB · 2d ago
CVE-2025-15616 | Wazuh up to 4.7.x code injection (GHSA-522v-p59v-58gm)
→ No new info (linked only)

CVSS 3.1: 6.7 CRITICAL
CISA KEV: ❌ No
Actively exploited: ✅ Yes
CWE: CWE-94
Published: 3/27/2026
Last enriched: 2d ago (v2)
Trending Score: 68
Source articles: 3
Independent: 2
Info Completeness: 8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

  • CRITICAL · CVE-2025-15615 · EXP: Wazuh Manager authd service Improper SSL/TLS Renegotiation Handling leading to Denial of Service (Trending: 77)
  • NONE · CVE-2023-7340 · EXP: Wazuh authd service (os_auth) Heap-based Buffer Overflow (Trending: 74)
  • CRITICAL · CVE-2025-15612: Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE (Trending: 41)
  • LOW · CVE-2026-32984 · EXP: Heap buffer overflow in wazuh-authd (Trending: 24)
  • HIGH · CVE-2025-15617: Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials (Trending: 19)

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • CVE Published: Mar 27, 2026
  • Discovered by ZDM: Mar 27, 2026
  • Actively Exploited: Mar 27, 2026
  • Updated: severity, affectedVersions, activelyExploited: Mar 27, 2026

Version History

v2
Last enriched 2d ago

v2 · Tier C · 2d ago
Updated severity to CRITICAL, added affected version 4.7.x, and marked as actively exploited.
severity, affectedVersions, activelyExploited
via VulDB

v1 · 3d ago
Initial creation