CVE-2025-15615
Published: 27 March 2026
Summary
CVE-2025-15615 is a medium-severity Incorrect Default Permissions (CWE-276) vulnerability in Wazuh. Its CVSS base score is 5.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Service Exhaustion Flood (T1499.002). The CVE ranks at the 21.7th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SC-5 Denial-of-service Protection directly limits the effects of excessive SSL/TLS renegotiation requests that consume CPU resources in the Wazuh authd service.
SI-2 Flaw Remediation requires timely patching of the improper renegotiation restriction in the wazuh-manager authd service by upgrading beyond version 4.7.3.
SC-6 Resource Availability employs techniques to prevent CPU resource exhaustion caused by high-volume renegotiation requests targeting the authd service.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability directly enables a remote service-exhaustion DoS via SSL renegotiation abuse targeting the authd service.
NVD Description
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lack of renegotiation limits to consume CPU resources and render the authd service unavailable.
Deeper analysis
CVE-2025-15615 is an improper restriction of client-initiated SSL/TLS renegotiation vulnerability in the authd service of Wazuh Manager, affecting wazuh-manager packages through version 4.7.3. The flaw stems from a lack of limits on renegotiation requests, enabling remote attackers to send excessive requests that consume CPU resources and render the authd service unavailable, resulting in a denial of service. The vulnerability is rated with a CVSS v3.1 base score of 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L) and is associated with CWE-276.
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. By initiating a high volume of SSL/TLS renegotiation requests to the authd service, they can exhaust CPU resources, leading to service unavailability and disrupting Wazuh Manager's authentication functions for agents.
Mitigation details and patches are outlined in the official advisories, including the Wazuh GitHub Security Advisory at https://github.com/wazuh/wazuh/security/advisories/GHSA-rr83-v9v7-jjhp and the VulnCheck advisory at https://www.vulncheck.com/advisories/ssl-tls-renegotiation-dos-in-wazuh-manager-authd-service. Security practitioners should consult these for upgrade instructions beyond version 4.7.3 and any configuration hardening recommendations.
Details
- CWE(s)