Search criteria
2 vulnerabilities found for wazuh-dashboard-plugins by wazuh
CVE-2025-64483 (GCVE-0-2025-64483)
Vulnerability from nvd – Published: 2025-11-21 17:55 – Updated: 2026-02-06 19:24
VLAI?
Title
Wazuh API – Agent Configuration Has Improper Access Control in Agent Enrollment Endpoint
Summary
Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the /utils/configuration endpoint. These credentials can be used to register new agents within the same Wazuh tenant without requiring elevated permissions through the UI. This issue has been patched in version 4.13.0.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wazuh | wazuh-dashboard-plugins |
Affected:
>= 4.9.0, < 4.13.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64483",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-21T18:10:40.500567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T18:10:54.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wazuh-dashboard-plugins",
"vendor": "wazuh",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.9.0, \u003c 4.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API \u2013 Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the /utils/configuration endpoint. These credentials can be used to register new agents within the same Wazuh tenant without requiring elevated permissions through the UI. This issue has been patched in version 4.13.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:24:00.537Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wazuh/wazuh-dashboard-plugins/security/advisories/GHSA-gwf3-8gm3-qrmj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wazuh/wazuh-dashboard-plugins/security/advisories/GHSA-gwf3-8gm3-qrmj"
},
{
"name": "https://github.com/wazuh/wazuh-dashboard-plugins/commit/eac859f1ad0bf5eb8b0dbc7ea7eeef4bd22c3722",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wazuh/wazuh-dashboard-plugins/commit/eac859f1ad0bf5eb8b0dbc7ea7eeef4bd22c3722"
}
],
"source": {
"advisory": "GHSA-gwf3-8gm3-qrmj",
"discovery": "UNKNOWN"
},
"title": "Wazuh API \u2013 Agent Configuration Has Improper Access Control in Agent Enrollment Endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64483",
"datePublished": "2025-11-21T17:55:33.219Z",
"dateReserved": "2025-11-05T19:12:25.101Z",
"dateUpdated": "2026-02-06T19:24:00.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64483 (GCVE-0-2025-64483)
Vulnerability from cvelistv5 – Published: 2025-11-21 17:55 – Updated: 2026-02-06 19:24
VLAI?
Title
Wazuh API – Agent Configuration Has Improper Access Control in Agent Enrollment Endpoint
Summary
Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the /utils/configuration endpoint. These credentials can be used to register new agents within the same Wazuh tenant without requiring elevated permissions through the UI. This issue has been patched in version 4.13.0.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wazuh | wazuh-dashboard-plugins |
Affected:
>= 4.9.0, < 4.13.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64483",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-21T18:10:40.500567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T18:10:54.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wazuh-dashboard-plugins",
"vendor": "wazuh",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.9.0, \u003c 4.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API \u2013 Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the /utils/configuration endpoint. These credentials can be used to register new agents within the same Wazuh tenant without requiring elevated permissions through the UI. This issue has been patched in version 4.13.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:24:00.537Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wazuh/wazuh-dashboard-plugins/security/advisories/GHSA-gwf3-8gm3-qrmj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wazuh/wazuh-dashboard-plugins/security/advisories/GHSA-gwf3-8gm3-qrmj"
},
{
"name": "https://github.com/wazuh/wazuh-dashboard-plugins/commit/eac859f1ad0bf5eb8b0dbc7ea7eeef4bd22c3722",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wazuh/wazuh-dashboard-plugins/commit/eac859f1ad0bf5eb8b0dbc7ea7eeef4bd22c3722"
}
],
"source": {
"advisory": "GHSA-gwf3-8gm3-qrmj",
"discovery": "UNKNOWN"
},
"title": "Wazuh API \u2013 Agent Configuration Has Improper Access Control in Agent Enrollment Endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64483",
"datePublished": "2025-11-21T17:55:33.219Z",
"dateReserved": "2025-11-05T19:12:25.101Z",
"dateUpdated": "2026-02-06T19:24:00.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}