CVE-2025-54866
MEDIUMWazuh 4.3.0-4.12.9 - Incorrect Default Permissions in authd.pass
Title source: llmDescription
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.3.0 to before 4.13.0, a missing ACL on "C:\Program Files (x86)\ossec-agent\authd.pass" exposes the password to all "Authenticated Users" on the local machine. This issue has been patched in version 4.13.0.
References (4)
Core 4
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/wazuh/wazuh/security/advisories/GHSA-mvfx-ph7m-qm37
Issue Tracking, Patch x_refsource_misc
https://github.com/wazuh/wazuh/pull/31187
Patch x_refsource_misc
https://github.com/wazuh/wazuh/commit/606f19e688944ebe5d28d72eb81ac36f8fffb143
Release Notes x_refsource_misc
https://github.com/wazuh/wazuh/releases/tag/v4.13.0
Scores
CVSS v3
5.5
EPSS
0.0015
EPSS Percentile
4.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-276
Status
published
Products (1)
wazuh/wazuh
4.3.0 - 4.13.0
Published
Nov 21, 2025
Tracked Since
Feb 18, 2026