cvedb.io
CVE-2025-54866
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2025-11-21T19:15:54.647 · Last modified 2026-06-17T09:40:49.820

Summary

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.3.0 to before 4.13.0, a missing ACL on "C:\Program Files (x86)\ossec-agent\authd.pass" exposes the password to all "Authenticated Users" on the local machine. This issue has been patched in version 4.13.0.

Affected products

wazuh — wazuh

Does this affect you?

Add your gear to cvedb and we'll alert you only when wazuh ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.