This Nuclei HTTP template checks a target URL (and its /app/login page) for the Wazuh web interface, extracts the wazuhVersion value with a regex, and confirms the page is accessible (200 status) and actually a Wazuh UI (via title and keyword match). If the extracted version sits between 4.4.0 and 4.9.0 (the vulnerable range for CVE-2025-24016), Nuclei reports a critical finding, signalling that unsafe deserialisation could allow remote code execution.
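The version gate described above, sketched offline in Python as an added example (this is not the template's own code). The markup around `wazuhVersion`, the title-only UI check, the inclusive range ends, and the names `classify` and `_page` are assumptions of this example; the sample pages are constructed.

```python
import re

# Range stated on this page for CVE-2025-24016; treating both ends as
# inclusive is an assumption of this example.
VULN_MIN, VULN_MAX = (4, 4, 0), (4, 9, 0)

# Assumed markup: the version appears as a JSON-style key, with either plain
# or HTML-escaped (&quot;) quotes. Adjust to what your dashboard serves.
_Q = r'(?:"|&quot;)'
VERSION_RE = re.compile(rf'wazuhVersion{_Q}\s*:\s*{_Q}(\d+)\.(\d+)\.(\d+)')
TITLE_RE = re.compile(r'<title>[^<]*wazuh[^<]*</title>', re.IGNORECASE)


def classify(status: int, body: str) -> str:
    """Return 'not-wazuh', 'unknown-version', 'vulnerable' or 'not-vulnerable'."""
    # Same gating idea as the template: reachable page that looks like a Wazuh UI.
    if status != 200 or not TITLE_RE.search(body):
        return "not-wazuh"
    match = VERSION_RE.search(body)
    if not match:
        return "unknown-version"
    # Compare integer tuples: as plain strings, "4.10.0" sorts below "4.9.0"
    # and a patched release would be reported as vulnerable.
    version = tuple(int(part) for part in match.groups())
    return "vulnerable" if VULN_MIN <= version <= VULN_MAX else "not-vulnerable"


def _page(version: str, escaped: bool = False) -> str:
    """Build a constructed login page carrying the given version string."""
    q = "&quot;" if escaped else '"'
    meta = f"{{{q}wazuhVersion{q}:{q}{version}{q}}}"
    return f"<html><head><title>Wazuh</title></head><body data='{meta}'></body></html>"


if __name__ == "__main__":
    for v in ("4.3.10", "4.7.2", "4.9.0", "4.10.0"):
        print(v, classify(200, _page(v, escaped=True)))
```
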
- Download Nuclei from here
- Copy the template to your local system
- Run the following command:
  ```
  nuclei -u https://yourHost.com -t template.yaml
  ```
- https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- https://www.cve.org/CVERecord?id=CVE-2025-24016
Use at your own risk. I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
Feel free to reach out to me on Signal.