CVE-2025-15612
MEDIUM
Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE
Title source: cna
Description
Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies or code during the build process, leading to remote code execution and supply chain compromise.
References (2)
Core References
Vendor Advisory vendor-advisory
https://github.com/wazuh/wazuh/security/advisories/GHSA-wvg9-7q49-c7mg
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/various-uses-of-curl-without-verifying-the-authenticity-of-the-ssl-certificate-leading-to-mitm-rce-in-build-infrastructure
Scores
CVSS v3: 4.8
EPSS: 0.0022
EPSS Percentile: 11.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-295, CWE-829
Status: published
Products (3)
wazuh/wazuh: 4.1.3 - 4.14.0
Wazuh/Wazuh Provisioning Scripts (Agent Build Environment): >=4.1.3
Wazuh/Wazuh Provisioning Scripts (Agent Build Environment): >=4.14.0
Published: Mar 27, 2026
Tracked Since: Mar 29, 2026