Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies or code during the build process, leading to remote code execution and supply chain compromise.
| Vendor | Product | Versions |
|---|---|---|
| wazuh | wazuh provisioning scripts (agent build environment) | >=4.1.3, >=4.13.0 |
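
A lint for the pattern described above, as an added example that is not part of the advisory or of the Wazuh code base: it reports every `curl` call in a Dockerfile or shell script that passes `--insecure` or `-k`, alone or inside a short-option cluster. The function names, the option subset in `TAKES_ARG` and the sample input are assumptions made for illustration.

```python
import shlex

# Assumed subset of curl short options that take a value; in -ok the "k" is that value.
TAKES_ARG = set("AbCcDdEeFHKmoPQrTtUuwXxYyz")
OPERATORS = {"&&", "||", "|", ";", "&"}

def insecure_flag(argv):
    """Return the curl argument that disables certificate validation, or None."""
    for arg in argv:
        if arg == "--insecure":
            return arg
        if arg.startswith("-") and not arg.startswith("--"):
            for ch in arg[1:]:
                if ch == "k":
                    return arg
                if ch in TAKES_ARG:   # remaining letters are a value, not flags
                    break
    return None

def scan(text):
    """Return [(first_line_number, flag)] for curl calls that skip validation."""
    findings, buf, start = [], "", 0
    for n, line in enumerate(text.splitlines(), 1):
        start = start if buf else n
        buf += line.rstrip()
        if buf.endswith("\\"):        # shell / Dockerfile line continuation
            buf = buf[:-1] + " "
            continue
        lex = shlex.shlex(buf, posix=True, punctuation_chars=True)
        lex.whitespace_split = True
        try:
            toks = list(lex)
        except ValueError:            # unbalanced quote: fall back to a naive split
            toks = buf.split()
        argv, buf = None, ""
        for tok in toks + [";"]:
            if tok in OPERATORS:      # end of one simple command
                if argv and (flag := insecure_flag(argv)):
                    findings.append((start, flag))
                argv = None
            elif argv is not None:
                argv.append(tok)
            elif tok.rsplit("/", 1)[-1] == "curl":
                argv = []
    return findings

# Constructed sample input, not taken from the Wazuh repository.
SAMPLE = ("RUN curl -sSLk https://example.invalid/deps.tgz \\\n    -o /tmp/deps.tgz\n"
          "RUN curl --insecure -o /tmp/tool https://example.invalid/tool\n"
          "RUN curl -fsSL -o k https://example.invalid/ok\n")
```

Run over provisioning scripts in CI, any finding should fail the build; the fix is to drop the flag and, where a private CA is in use, supply it with `--cacert`.
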

- Updated affected versions to include >=4.13.0 and corrected exploit availability to false.
- Updated severity to CRITICAL, noted no exploit available, and added CVE-2025-15612 as a tag.
- Initial creation