CVE-2025-15615

EUVD-2025-209102
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack of renegotiation limits to consume CPU resources and render the authd service unavailable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
VulnCheckCNA
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
wazuhwazuh
𝑥
≤ 4.7.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/wazuh/wazuh/security/advisories/GHSA-rr83-v9v7-jjhp
https://www.vulncheck.com/advisories/ssl-tls-renegotiation-dos-in-wazuh-manager-authd-service