CVE-2025-15617HIGH 8.1EPSS p30.4%

CVE-2025-15617CVE-2025-15617

Description

Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits or altering release tags.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.39% probability of exploitation · percentile 30.4% · 2026-06-18T12:00:27Z
Published2026-03-27
Last modified2026-03-31

Underlying weaknesses· 1

CWE-522

References

  1. https://github.com/wazuh/wazuh/security/advisories/GHSA-6xqr-4q5g-xc7x
  2. https://www.vulncheck.com/advisories/exposure-of-the-github-token-in-wazuh-workflow-run-artifact
  3. https://github.com/wazuh/wazuh/security/advisories/GHSA-6xqr-4q5g-xc7x

1

TypeTargetConfidenceTier
WeaknessInsufficiently Protected Credentialscwe-5220%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-31479
CVE
tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
CVE
CVE-2025-15612
CVE
reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE
CVE-2026-0573
CVE
CVE-2025-54416
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.