Known exploited
Wazuh
CVE published 2025-06-10
CVE-2025-24016
CVE-2025-24016 is a Wazuh Server deserialization of untrusted data issue that CISA added to its Known Exploited Vulnerabilities catalog on 2025-06-10. Because it is KEV-listed, it should be treated as an active defensive priority. CISA’s guidance is to apply vendor mitigations, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.