CVE-2025-15617

MEDIUM 6.5

Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

11th

Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits or altering release tags.

CWE	CWE-522
Vendor	wazuh
Product	wazuh (github actions)
Published	Mar 27, 2026
Last Updated	Mar 31, 2026

Stay Ahead of the Next One

Get instant alerts for wazuh wazuh (github actions)

Be the first to know when new medium vulnerabilities affecting wazuh wazuh (github actions) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

Low

Affected Versions

Wazuh / Wazuh (GitHub Actions)

4.12.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/wazuh/wazuh/security/advisories/GHSA-6xqr-4q5g-xc7x vulncheck.com: https://www.vulncheck.com/advisories/exposure-of-the-github-token-in-wazuh-workflow-run-artifact

Credits

jackhac 🔍 nopcorn nopcorn vikman90