CVE-2025-15612 MEDIUM

CVE-2025-15612: Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE

Vendor Wazuh
Product Wazuh Provisioning Scripts (Agent Build Environment)
Weakness CWE-295
Published March 27, 2026
Last update May 14, 2026

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies or code during the build process, leading to remote code execution and supply chain compromise.

Key dates

02Disclosure timeline

March 27, 2026 CVE published
May 14, 2026 Record updated