CVE-2025-15615— Wazuh Manager authd service Improper SSL/TLS Renegotiation Handling leading to Denial of Service

CVSS 6.5 · Medium EPSS 0.07% · P22 Updated Mar 28, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-15615

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Wazuh Manager authd service Improper SSL/TLS Renegotiation Handling leading to Denial of Service

Source: NVD (National Vulnerability Database)

Vulnerability Description

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack of renegotiation limits to consume CPU resources and render the authd service unavailable.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

缺省权限不正确

Source: NVD (National Vulnerability Database)

Vulnerability Title

Wazuh 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Wazuh是Wazuh开源的一个应用软件。用于收集，汇总，索引和分析安全数据，帮助组织检测入侵，威胁和行为异常。 Wazuh 4.7.3及之前版本存在安全漏洞，该漏洞源于对客户端发起的SSL/TLS重新协商限制不当，可能导致远程攻击者造成拒绝服务。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Wazuh	wazuh-manager	<= 4.7.3	-
Wazuh	wazuh-manager	<= 4.7.3	-

II. Public POCs for CVE-2025-15615

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-15615

请登录查看更多情报信息。

Same Patch Batch · Wazuh · 2026-03-27 · 7 CVEs total

CVE-2025-15616	6.7 MEDIUM	Wazuh Agent and Manager OS Command Injection and Untrusted Search Path
CVE-2025-15617	6.5 MEDIUM	Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials
CVE-2026-32983	5.8 MEDIUM	SSL/TLS Renegotiation DoS in Wazuh Manager authd service
CVE-2025-15612	4.8 MEDIUM	Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading
CVE-2026-32984	3.5 LOW	Heap buffer overflow in wazuh-authd
CVE-2023-7340	3.1 LOW	Wazuh authd service (os_auth) Heap-based Buffer Overflow

IV. Related Vulnerabilities

Same product: wazuh-manager

CVE-2026-32983
SSL/TLS Renegotiation DoS in Wazuh Manager authd service

Same vendor: Wazuh

Same weakness: CWE-276

V. Comments for CVE-2025-15615

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-15615— Wazuh Manager authd service Improper SSL/TLS Renegotiation Handling leading to Denial of Service

I. Basic Information for CVE-2025-15615

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-15615

III. Intelligence Information for CVE-2025-15615

Same Patch Batch · Wazuh · 2026-03-27 · 7 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-15615

Leave a comment