CVE-2025-15612

low-risk

Published 2026-03-27

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies or code during the build process, leading to remote code execution and supply chain compromise.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.8/10 Medium

NETWORK / HIGH complexity

Affected Products (1)

Wazuh

Affected Vendors

Wazuh

References (2)

Exploit https://github.com/wazuh/wazuh/security/advisories/GHSA-wvg9-7q49-c7mg

Third Party Advisory https://www.vulncheck.com/advisories/various-uses-of-curl-without-verifying-the-...

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal