{"id":"CVE-2025-15617","summary":"Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials","details":"Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits or altering release tags.","aliases":["GHSA-6xqr-4q5g-xc7x"],"modified":"2026-07-08T06:51:28.304570430Z","published":"2026-03-27T18:04:13.691Z","database_specific":{"cna_assigner":"VulnCheck","cwe_ids":["CWE-522"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/15xxx/CVE-2025-15617.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/15xxx/CVE-2025-15617.json"},{"type":"ADVISORY","url":"https://github.com/wazuh/wazuh/security/advisories/GHSA-6xqr-4q5g-xc7x"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-15617"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/exposure-of-the-github-token-in-wazuh-workflow-run-artifact"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wazuh/wazuh","events":[{"introduced":"802b10f727c59e4d0aa502279ea53c2c776328b6"},{"last_affected":"802b10f727c59e4d0aa502279ea53c2c776328b6"}],"database_specific":{"extracted_events":[{"introduced":"4.12.0"},{"last_affected":"4.12.0"}],"source":["AFFECTED_FIELD","CPE_STRING"],"cpe":"cpe:2.3:a:wazuh:wazuh:4.12.0:*:*:*:*:*:*:*"}}],"versions":["4.12.0","v4.12.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15617.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N"}]}