Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
Briefly

In late March 2025, Akamai discovered a critical security flaw in the Wazuh Server, tracked as CVE-2025-24016, that allows remote code execution. The vulnerability, affecting all versions from 4.4.0 onwards, was patched in February 2025. Despite the fix, shortly after its public disclosure, various threat actors began using different variants of the Mirai botnet to launch DDoS attacks. As security researchers have noted, this accelerated exploitation reflects an alarming trend among botnet operators, who are drastically shortening their time-to-exploit window.
The latest attacks leveraging the Wazuh Server flaw demonstrate how threat actors rapidly exploit newly published vulnerabilities, escalating the risk of DDoS campaigns.
Akamai's findings highlight a critical zero-day vulnerability in Wazuh that enables remote code execution, pointing to a troubling trend in vulnerability exploitation.
Read at The Hacker News