CVE-2025-24016: Wazuh Server Deserialization of Untrusted Data

Wazuh Server Deserialization of Untrusted Data Vulnerability. Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers.

• CISA KEV-listed (remediation due 2025-07-01)
• EPSS 93.9% (99.9% percentile)

Browse the CVE database

Read the full analysis on IntelFusions