CVE-2026-25770

HIGH EPSS 57.4%
Published Mar 17, 2026 (3mo ago) · Modified Jun 17, 2026 (2w ago)
7.2 CVSS 3.1
High

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The `wazuh-clusterd` service allows authenticated nodes to write arbitrary files to the manager’s file system with the permissions of the `wazuh` system user. Due to insecure default permissions, the `wazuh` user has write access to the manager's main configuration file (`/var/ossec/etc/ossec.conf`). By leveraging the cluster protocol to overwrite `ossec.conf`, an attacker can inject a malicious `<localfile>` command block. The `wazuh-logcollector` service, which runs as root, parses this configuration and executes the injected command. This chain allows an attacker with cluster credentials to gain full Root Remote Code Execution, violating the principle of least privilege and bypassing the intended security model. Version 4.14.3 fixes the issue.

CVSS Details

Base Score: 7.2
Exploitability: 1.2
Impact: 5.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability
57.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 3

CWE-22 · Path Traversal · Resource Mgmt
CWE-269 · Improper Privilege Management · Authorization
CWE-732

Affected Products 1

Vendor | Product | Version | Range
wazuh | wazuh | * | ≥3.9.0 – <4.14.3

References 1

  • github.com: https://github.com/wazuh/wazuh/security/advisories/GHSA-r4f7-v3p6-79jm
    Tags: Exploit, Mitigation, Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.
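
A defender-side audit for the configuration change named in the Description, added here as an example and not taken from the Wazuh project or the advisory: it lists every `<localfile>` block in an `ossec.conf` that runs a command and flags any whose command is not in a reviewed baseline. The sample configuration, the baseline and the function names are constructed for illustration, and the code assumes the file parses as XML once its `<ossec_config>` sections are wrapped in a single root.

```python
import xml.etree.ElementTree as ET

# log_format values that make wazuh-logcollector run the <command> element
COMMAND_FORMATS = {"command", "full_command"}
# Constructed sample, not taken from a real manager.
SAMPLE_CONF = """
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>
  </localfile>
  <localfile>
    <log_format>command</log_format>
    <command>df -P</command>
  </localfile>
</ossec_config>
<ossec_config>
  <localfile>
    <log_format>full_command</log_format>
    <command>echo constructed-unreviewed-entry</command>
  </localfile>
</ossec_config>
"""
REVIEWED = {"df -P"}  # assumed baseline of commands the operator approved


def command_localfiles(conf_text):
    """Return (log_format, command) for each <localfile> that runs a command."""
    if "<!DOCTYPE" in conf_text or "<!ENTITY" in conf_text:
        raise ValueError("unexpected DTD/entity declaration in ossec.conf")
    # ossec.conf may contain several <ossec_config> sections; wrap them in one
    # synthetic root so the text parses as a single XML document.
    root = ET.fromstring("<audit_root>" + conf_text + "</audit_root>")
    found = []
    for block in root.iter("localfile"):
        fmt = (block.findtext("log_format") or "").strip()
        cmd = (block.findtext("command") or "").strip()
        if fmt in COMMAND_FORMATS or cmd:
            found.append((fmt, cmd))
    return found


def unreviewed_commands(conf_text, reviewed):
    """Command-type localfile entries whose command is not in the baseline."""
    return [(f, c) for f, c in command_localfiles(conf_text) if c not in reviewed]


if __name__ == "__main__":
    for fmt, cmd in unreviewed_commands(SAMPLE_CONF, REVIEWED):
        print(f"unreviewed {fmt} localfile: {cmd!r}")
```

Run it against a copy of `/var/ossec/etc/ossec.conf` on each manager node, with the baseline kept somewhere the `wazuh` user cannot write.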