vuln disclosure
Wazuh Agent UNC Path Injection Vulnerability Allows NTLM Relay AttacksCVE-2025-30201
A vulnerability in Wazuh Agent versions before 4.13.0 allows authenticated attackers to inject malicious UNC paths into agent configuration settings, forcing NTLM authentication. This can lead to NTLM relay attacks, privilege escalation, and remote code execution. A proof-of-concept exploit is publicly available, and a patch has been released in version 4.13.0.