Medium severityOSV Advisory· Published Nov 21, 2025· Updated Apr 15, 2026

CVE-2025-64483

Description

Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the /utils/configuration endpoint. These credentials can be used to register new agents within the same Wazuh tenant without requiring elevated permissions through the UI. This issue has been patched in version 4.13.0.

Affected products

Wazuh/Wazuh Dashboard PluginsOSV

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/wazuh/wazuh-dashboard-plugins/commit/eac859f1ad0bf5eb8b0dbc7ea7eeef4bd22c3722nvd
github.com/wazuh/wazuh-dashboard-plugins/security/advisories/GHSA-gwf3-8gm3-qrmjnvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000