CVE-2025-30201 · CRITICAL 9.1 · EPSS p47.4%

Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to version 4.13.0, a vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication through malicious UNC paths in various agent configuration settings, potentially leading to NTLM relay attacks that would result in privilege escalation and remote code execution. This issue has been patched in version 4.13.0.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.68% probability of exploitation · percentile 47.4% · 2026-06-19T12:03:05Z
Published: 2025-11-21
Last modified: 2025-12-02

Underlying weaknesses · 2

CWE-73, CWE-294

References

  1. https://github.com/wazuh/wazuh/commit/688972da589e5d40d2a81bcd738240303a3dc45a
  2. https://github.com/wazuh/wazuh/pull/30060
  3. https://github.com/wazuh/wazuh/security/advisories/GHSA-x697-jf34-gp5x

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Authentication Bypass by Capture-replay (cwe-294) | 0% | live |
| Weakness | External Control of File Name or Path (cwe-73) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2026-30893
  2. CVE: CVE-2025-62786
  3. CVE: CVE-2025-53778
  4. CVE: Wazuh Server Deserialization of Untrusted Data Vulnerability
  5. CVE: CVE-2026-25769
  6. CVE: CVE-2025-54918

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.