CVE-2025-24016 — Wazuh Server Deserialization of Untrusted Data Vulnerability

CVE-2025-24016

Wazuh Server — Authenticated Deserialization RCE via REST API (CVSS 9.9)

What is Wazuh?

Wazuh is an open-source security information and event management (SIEM) and extended detection and response (XDR) platform used by organizations to monitor security events, detect threats, and respond to incidents. The Wazuh server collects and analyzes security telemetry from agents deployed across an organization's endpoints, cloud environments, and network devices. Because Wazuh is a security platform with agents on every monitored system, compromising the Wazuh server gives an attacker visibility into — and potentially control over — the entire monitored environment. The Wazuh REST API is used by administrators and integrations to manage the server and retrieve security data.

Overview

CVE-2025-24016 is a critical deserialization of untrusted data vulnerability (CWE-502, CVSS 9.9) in the Wazuh server REST API. An attacker holding a valid Wazuh API token, even a low-privilege one, can send a request whose JSON body reaches the server's DistributedAPI (DAPI) decoder. That decoder rebuilds Python objects from specially marked dictionaries; a dictionary carrying an __unhandled_exc__ entry has its class name string passed to eval() and the result called with attacker-supplied arguments, giving arbitrary OS command execution with the privileges of the Wazuh server process. The Scope:Changed (S:C) rating reflects that the server process holds data from, and control over, every monitored endpoint, so the impact crosses the API's own security boundary. CISA added CVE-2025-24016 to the KEV catalog on 10 June 2025, four months after the advisory, confirming exploitation of unpatched instances.

Affected Versions

Product Vulnerable Fixed
Wazuh Server 4.4.0 through 4.9.0 4.9.1

Technical Details

The vulnerability (CWE-502: Deserialization of Untrusted Data) is in the Wazuh server's DistributedAPI (DAPI) layer, which the REST API uses to pass requests and responses between the API and the cluster nodes. DAPI messages are JSON, and they are decoded with a json.loads object hook (as_wazuh_object in framework/wazuh/core/cluster/common.py) that turns specially marked dictionaries back into Python objects. One marker, __unhandled_exc__, exists so that an exception raised on a remote node can be re-raised locally: the hook took the string under __class__, passed it to eval(), and called the result with the list under __args__. Nothing restricted that string to exception classes, so any callable reachable from the module namespace, os.system included, could be invoked with attacker-chosen arguments. No sandboxing applies; the call runs inside the API process.

Any valid API token is sufficient to reach the vulnerable path; the Wazuh advisory states it can be triggered by anyone with API access (including a compromised dashboard or another server in the cluster) and, in certain configurations, even by a compromised agent. The attacker submits a JSON body of the form {"__unhandled_exc__": {"__class__": "os.system", "__args__": ["<command>"]}} to an endpoint that forwards its body into DAPI; the advisory's proof of concept used POST /security/user/authenticate/run_as. The command executes as the wazuh service user, which owns the server's configuration, agent data and stored security telemetry for the entire monitored environment.
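To make the mechanism concrete, here is an added illustration that is not Wazuh's code (and the hardened variant is not the project's actual fix): a json.loads object hook in the pre-4.9.1 shape that passes __class__ to eval(), beside a version that only reconstructs allowlisted builtin exception types from JSON scalar arguments. The function names, the ALLOWED_EXCEPTIONS policy and the sample payloads are assumptions made for this example; the constructed malicious payload names the harmless builtin len() where an attacker would name os.system, to show that an arbitrary callable, not just an exception class, gets invoked.

```python
"""Added illustration of the unsafe DAPI object-hook pattern (not Wazuh's
code): the vulnerable shape beside a hardened one."""
import builtins
import json
import os  # noqa: F401  kept only so eval() can resolve names like os.system, as in the real module


def as_wazuh_object_vulnerable(dct: dict):
    """Pre-4.9.1 shape: the __class__ string goes straight to eval() and the
    result is called with attacker-controlled positional arguments."""
    if "__unhandled_exc__" in dct:
        exc_data = dct["__unhandled_exc__"]
        return eval(exc_data["__class__"])(*exc_data["__args__"])  # noqa: S307
    return dct


# Assumed policy for the hardened variant: only builtin exception classes may be
# reconstructed, and only from JSON scalar arguments. Not the project's own fix.
ALLOWED_EXCEPTIONS = {
    name: obj for name, obj in vars(builtins).items()
    if isinstance(obj, type) and issubclass(obj, BaseException)
}
JSON_SCALARS = (str, int, float, bool, type(None))


def as_wazuh_object_hardened(dct: dict):
    """Resolve __class__ by allowlist lookup instead of eval()."""
    if "__unhandled_exc__" in dct:
        exc_data = dct["__unhandled_exc__"]
        cls = ALLOWED_EXCEPTIONS.get(exc_data.get("__class__"))
        if cls is None:
            raise ValueError(f"refusing to reconstruct {exc_data.get('__class__')!r}")
        args = exc_data.get("__args__", [])
        if not all(isinstance(a, JSON_SCALARS) for a in args):
            raise ValueError("exception arguments must be JSON scalars")
        return cls(*args)
    return dct


def load_dapi(payload: str, hook):
    """Decode a DAPI message the way the server does: JSON plus object hook."""
    return json.loads(payload, object_hook=hook)


def hardened_rejects(payload: str) -> bool:
    """True if the hardened hook refuses the payload."""
    try:
        load_dapi(payload, as_wazuh_object_hardened)
    except ValueError:
        return True
    return False


# Constructed payloads. MALICIOUS names the harmless builtin len() where an
# attacker would name os.system; both resolve through eval() the same way.
MALICIOUS = json.dumps({"__unhandled_exc__": {"__class__": "len", "__args__": ["pwned"]}})
LEGIT = json.dumps({"__unhandled_exc__": {"__class__": "KeyError", "__args__": ["agent_id"]}})

if __name__ == "__main__":
    print("vulnerable hook ran len():", load_dapi(MALICIOUS, as_wazuh_object_vulnerable))
    print("hardened hook rejects it:", hardened_rejects(MALICIOUS))
    print("hardened hook rebuilds:", repr(load_dapi(LEGIT, as_wazuh_object_hardened)))
```

The point of the allowlist lookup is that the class name is never evaluated as code: it is only a dictionary key, and an unknown key fails closed. Restricting __args__ to JSON scalars closes the second hole, nested marker dictionaries arriving as constructor arguments.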

The published vector rates Confidentiality as Low, which understates what a code-execution primitive on the server allows in practice; treat any exploited instance as fully compromised regardless of that sub-score. The Integrity:High and Availability:High ratings reflect the ability to modify or destroy Wazuh configuration, agent data, and security telemetry.

Discovery

Reported through Wazuh's responsible disclosure program; no individual external researcher is publicly credited. Wazuh published its security advisory and the CVE on February 10, 2025; the fix is in version 4.9.1.

Exploitation Context

CISA added CVE-2025-24016 to the KEV catalog on 10 June 2025, four months after the advisory, confirming active exploitation of unpatched Wazuh instances. Organizations that delayed upgrading their SIEM/XDR platform exposed their security monitoring infrastructure to compromise. Compromising a Wazuh server enables disabling or falsifying security alerts across all monitored endpoints, exfiltrating security event data (which reveals what the defenders have and have not detected), and using the server's privileged position to pivot to monitored systems. No specific threat actor has been publicly attributed.

Remediation

  1. Upgrade Wazuh to version 4.9.1 or later immediately, following Wazuh's upgrade guide at https://documentation.wazuh.com/current/upgrade-guide/.
  2. Rotate all Wazuh API credentials and tokens after upgrading; any token that a compromised client held must be invalidated.
  3. Restrict Wazuh REST API access to trusted administrative subnets using firewall rules; the API (default port 55000) should not be internet-accessible.
  4. Review the Wazuh API log for request bodies containing the DAPI marker key __unhandled_exc__ and for API use from unexpected sources or token holders; treat any such request as an exploitation attempt.
  5. Audit security alert history for signs of tampered or suppressed alerts during the vulnerability window; if tampering is found, treat the server as fully compromised and rebuild it rather than only patching.
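A small triage helper for the remediation steps above, as an added example that is not Wazuh's code or part of the original advisory: it checks whether a server version falls in the affected range (4.4.0 up to but not including 4.9.1) and scans API log lines for request bodies carrying the DAPI marker key abused here, or for API use from outside an allowlist of admin networks. The plain-text api.log layout it parses, the marker-key list and the sample log lines are assumptions constructed for the example; confirm them against your own log format before relying on the output.

```python
"""Added triage helper for the remediation steps (not Wazuh's code):
affected-version check plus a scan of Wazuh API log lines for the DAPI marker
key abused by CVE-2025-24016 and for API use from outside admin networks."""
import ipaddress
import re

FIRST_AFFECTED = (4, 4, 0)  # range given in the Wazuh advisory
FIXED = (4, 9, 1)

# __unhandled_exc__ is the key that reached eval() before 4.9.1; the others are
# further marker keys the same hook interprets. Assumption: no legitimate REST
# client ever sends any of them in a request body.
SUSPICIOUS_KEYS = ("__unhandled_exc__", "__callable__", "__wazuh_exception__")

# Assumed plain-text api.log layout:
#   YYYY/MM/DD HH:MM:SS LEVEL: user remote "METHOD /path" with parameters {...}
#   and body {...} done in 0.000s: STATUS
LINE_RE = re.compile(
    r'^(?P<ts>\S+ \S+) (?P<level>\w+): (?P<user>\S+) (?P<remote>\S+) '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)" with parameters (?P<params>.*?) '
    r'and body (?P<body>.*) done in (?P<secs>[\d.]+)s: (?P<status>\d+)$'
)


def parse_version(version: str) -> tuple:
    return tuple(int(p) for p in version.split(".")[:3])


def is_affected(version: str) -> bool:
    """True for 4.4.0 <= version < 4.9.1."""
    return FIRST_AFFECTED <= parse_version(version) < FIXED


def scan_api_log(lines, admin_nets):
    """Return one finding per request that carries a DAPI marker key in its
    body or originates outside admin_nets (a list of CIDR strings)."""
    nets = [ipaddress.ip_network(n) for n in admin_nets]
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log line (startup messages, tracebacks, ...)
        markers = [k for k in SUSPICIOUS_KEYS if k in m["body"]]
        try:
            external = not any(ipaddress.ip_address(m["remote"]) in n for n in nets)
        except ValueError:
            external = True  # unparseable source address: treat as untrusted
        if markers or external:
            findings.append({
                "ts": m["ts"], "user": m["user"], "remote": m["remote"],
                "request": f'{m["method"]} {m["path"]}', "status": int(m["status"]),
                "markers": markers, "external": external,
            })
    return findings


# Constructed sample lines, not real Wazuh output.
SAMPLE_LINES = [
    '2025/02/11 09:12:03 INFO: wazuh 10.0.0.5 "GET /agents" with parameters {"limit":"10"} and body {} done in 0.021s: 200',
    '2025/02/11 09:13:47 INFO: unknown_user 203.0.113.9 "POST /security/user/authenticate/run_as" with parameters {} and body {"__unhandled_exc__": {"__class__": "os.system", "__args__": ["..."]}} done in 0.009s: 200',
    '2025/02/11 09:15:00 INFO: readonly-svc 10.0.0.77 "GET /manager/info" with parameters {} and body {} done in 0.015s: 200',
    '2025/02/11 09:16:30 INFO: readonly-svc 10.0.0.77 "PUT /agents/group" with parameters {} and body {"__callable__": {}} done in 0.012s: 400',
    '2025/02/11 09:17:02 ERROR: something unrelated without the request layout',
]

if __name__ == "__main__":
    for v in ("4.3.11", "4.9.0", "4.9.1"):
        print(v, "affected" if is_affected(v) else "not affected")
    for finding in scan_api_log(SAMPLE_LINES, ["10.0.0.0/24"]):
        print(finding)
```

A request that matches on the marker key is worth escalating even when the server answered 400: a failed attempt still shows someone holding an API token and probing for this bug, which is exactly the token-rotation trigger in step 2.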

Key Details

Property Value
CVE ID CVE-2025-24016
Vendor / Product Wazuh — Wazuh Server
NVD Published 2025-02-10
NVD Last Modified 2025-10-24
CVSS 3.1 Score 9.9
CVSS 3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
Severity CRITICAL
CWE CWE-502
CISA KEV Added 2025-06-10
CISA KEV Deadline 2025-07-01
Known Ransomware Use No

CVSS 3.1 Breakdown

Metric Value
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality Low
Integrity High
Availability High

Required Action

CISA BOD 22-01 Deadline: 2025-07-01. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Timeline

Date Event
2025-02-10 Wazuh security advisory and CVE published; fix available in Wazuh 4.9.1
2025-06-10 CISA adds CVE-2025-24016 to the Known Exploited Vulnerabilities catalog
2025-07-01 CISA BOD 22-01 remediation deadline