CVE-2025-24016

This is a functional exploit PoC for CVE-2025-24016, targeting an unsafe deserialization vulnerability in Wazuh servers. It leverages dictionary injection in DAPI requests to achieve remote code execution via a reverse shell.

This PoC exploits a deserialization vulnerability in Wazuh to achieve remote code execution (RCE) via a crafted JSON payload. It establishes a reverse shell to a specified IP and port using a bash command injected through the `__unhandled_exc__` key.

This PoC demonstrates a remote code execution (RCE) vulnerability in Wazuh server due to unsafe deserialization in the `wazuh-manager` package. The exploit leverages the `run_as` endpoint to inject malicious payloads, leading to arbitrary code execution on the server.

This repository contains a Nuclei template designed to detect an unsafe deserialization vulnerability (CVE-2025-24016) in Wazuh servers. The template sends a crafted JSON payload to trigger a NameError, indicating the presence of the vulnerability.

This repository contains a Nuclei HTTP template for detecting CVE-2025-24016, an unsafe deserialization vulnerability in Wazuh web interface versions 4.4.0 to 4.9.0. The template checks for the presence of the Wazuh UI and confirms the version range to identify potential exposure to RCE.

This repository contains a functional PoC for CVE-2025-24016, exploiting unsafe deserialization in Wazuh's DistributedAPI to achieve remote code execution via crafted JSON payloads. The exploit leverages Python's `__reduce__` method to execute arbitrary commands on the target system.

This PoC demonstrates a remote code execution (RCE) vulnerability in Wazuh server due to unsafe deserialization in the `wazuh-manager` package. The exploit leverages the `run_as` endpoint to inject malicious payloads, leading to arbitrary code execution on the server.

This exploit leverages a deserialization vulnerability in Wazuh's worker authentication endpoint to execute arbitrary commands via a crafted JSON payload. It requires valid credentials and targets the `/security/user/authenticate/run_as` endpoint.

This Metasploit module exploits an unsafe deserialization vulnerability (CVE-2025-24016) in Wazuh server versions 4.4.0 to 4.9.1. It leverages forged exceptions in JSON-serialized DAPI parameters to achieve remote code execution via the `os.system` call.