Unrated severityNVD Advisory· Published Nov 21, 2025· Updated Feb 26, 2026

Wazuh NetNTLMv2 Hash Theft In Multiple Centralized Configuration Capabilities

CVE-2025-30201

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially leading NTLM relay attacks that would result privilege escalation and remote code execution. This issue has been patched in version 4.13.0.

Affected products

Wazuh/Wazuhv5
Range: < 4.13.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/wazuh/wazuh/commit/688972da589e5d40d2a81bcd738240303a3dc45amitrex_refsource_MISC
github.com/wazuh/wazuh/pull/30060mitrex_refsource_MISC
github.com/wazuh/wazuh/security/advisories/GHSA-x697-jf34-gp5xmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000