CVE-2025-24016

CVE-2025-24016: RCE in Wazuh Server

This repository demonstrates the remote code execution (RCE) vulnerability in the Wazuh server, introduced by unsafe deserialization in the wazuh-manager package. The vulnerability allows remote attackers with API access to execute arbitrary code on the server.

Key Features

• Vulnerability Overview: Detailed discussion of the RCE vulnerability
• Affected Versions: Information on which versions are impacted
• Proof of Concept: A practical demonstration of the vulnerability
• Mitigation Advice: Recommendations on how to protect systems by upgrading to patched versions

Benefits

• Helps developers and security teams understand the risks associated with the Wazuh server.
• Provides a method to test for vulnerabilities in current systems using a provided Proof of Concept.

Highlights

• RCE triggered via the run_as endpoint in Wazuh API.
• Explains the impact and how to reproduce the vulnerability effectively using specific conditions.