Zero Day MonitorZDM

← Back to list

6.5

CVE-2025-15617

wazuh · wazuh (github actions)

Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials

Description

A vulnerability has been found in Wazuh 4.12.0 and classified as problematic. Impacted is an unknown function of the component GitHub Action Handler. This manipulation of the argument GITHUB_TOKEN causes insufficiently protected credentials. This vulnerability is tracked as CVE-2025-15617. The attack is possible to be carried out remotely.

Affected Products

Vendor	Product	Versions
wazuh	wazuh (github actions)	4.12.0

References

https://github.com/wazuh/wazuh/security/advisories/GHSA-6xqr-4q5g-xc7x(vendor-advisory)
https://www.vulncheck.com/advisories/exposure-of-the-github-token-in-wazuh-workflow-run-artifact(third-party-advisory)

Related News (2 articles)

Tier C

VulDB2d ago

CVE-2025-15617 | Wazuh 4.12.0 GitHub Action GITHUB_TOKEN insufficiently protected credentials (GHSA-6xqr-4q5g-xc7x)

→ No new info (linked only)

Tier C

VulDB2d ago

CVE-2025-15617 | Wazuh 4.12.0 GitHub Action GITHUB_TOKEN insufficiently protected credentials (GHSA-6xqr-4q5g-xc7x)

→ No new info (linked only)

CVSS 3.16.5 HIGH

CISA KEV❌ No

Actively exploited❌ No

CWECWE-522

PublishedMar 27, 2026

Last enriched2d agov3

Trending Score18

Source articles2

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2025-15615EXP

Wazuh Manager authd service Improper SSL/TLS Renegotiation Handling leading to Denial of Service

NONECVE-2023-7340EXP

Wazuh authd service (os_auth) Heap-based Buffer Overflow

CRITICALCVE-2025-15616EXP

Wazuh Agent and Manager OS Command Injection and Untrusted Search Path

CRITICALCVE-2025-15612

Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE

LOWCVE-2026-32984EXP

Heap buffer overflow in wazuh-authd

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Mar 27, 2026

Discovered by ZDM

Mar 27, 2026

Updated: severity

Mar 27, 2026

Updated: description

Mar 28, 2026

Version History

v3

Last enriched 2d ago

v3Tier C2d ago

Updated description with more technical detail and corrected exploit availability to false.

description

via VulDB

v2Tier C2d ago

Updated severity to HIGH and corrected exploit availability to false.

severity

via VulDB

v13d ago

Initial creation