Medium severity 6.5 · NVD Advisory · Published Mar 27, 2026 · Updated Mar 31, 2026
CVE-2025-15617
Description
Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits or altering release tags.
Affected products: 1
Patches: 0
No patches discovered yet.
References
- github.com/wazuh/wazuh/security/advisories/GHSA-6xqr-4q5g-xc7x (nvd: Exploit, Vendor Advisory)
- www.vulncheck.com/advisories/exposure-of-the-github-token-in-wazuh-workflow-run-artifact (nvd: Third Party Advisory)