CVE-2025-15612

MEDIUM 4.8

Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE

CVSS Score

4.8

EPSS Score

0.0%

EPSS Percentile

13th

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies or code during the build process, leading to remote code execution and supply chain compromise.

CWE	CWE-295 CWE-829
Vendor	wazuh
Product	wazuh provisioning scripts (agent build environment)
Published	Mar 27, 2026
Last Updated	Mar 31, 2026

Stay Ahead of the Next One

Get instant alerts for wazuh wazuh provisioning scripts (agent build environment)

Be the first to know when new medium vulnerabilities affecting wazuh wazuh provisioning scripts (agent build environment) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

Wazuh / Wazuh Provisioning Scripts (Agent Build Environment)

>=4.1.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/wazuh/wazuh/security/advisories/GHSA-wvg9-7q49-c7mg vulncheck.com: https://www.vulncheck.com/advisories/various-uses-of-curl-without-verifying-the-authenticity-of-the-ssl-certificate-leading-to-mitm-rce-in-build-infrastructure

Credits

JLLeitschuh 🔍 vikman90