CVE-2025-30201 HIGH

CVE-2025-30201: Wazuh NetNTLMv2 Hash Theft In Multiple Centralized Configuration Capabilities

Vendor Wazuh
Product wazuh
Weakness CWE-73
Published November 21, 2025
Last update February 26, 2026

CVSS base score

7.7/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially leading NTLM relay attacks that would result privilege escalation and remote code execution. This issue has been patched in version 4.13.0.

Key dates

02Disclosure timeline

November 21, 2025 CVE published
February 26, 2026 Record updated