Missing CVE with vulnerability detector
37 views
Skip to first unread message
jernej65
Oct 14, 2025, 4:09:24 AM (5 days ago) Oct 14
to Wazuh | Mailing List
We have a bunch of VMs with open-vm-tools.
All VMs are added to wazuh with vulnerability scanner enabled.
I saw the news about next CVE: CVE-2025-41244
I think few VMs are vulnerable, because i didn't update open-vm-tools for a while, but wazuh is not showing this cve in my wazuh manager dashboard.
Why?
For example one open-vm-tools version on one of my VMs:
open-vm-tools.x86_64 12.3.5-2.el8
Most of VMs are RockyLinux 8.10 or 9.5/9.6.
I can see that CVE is added to wazuh CTI so i think it shoud be visible if VMs are vulnerable: https://cti.wazuh.com/vulnerabilities/cves/CVE-2025-41244
Why i can't see CVE-2025-41244 in wazuh?
All VMs are added to wazuh with vulnerability scanner enabled.
I saw the news about next CVE: CVE-2025-41244
I think few VMs are vulnerable, because i didn't update open-vm-tools for a while, but wazuh is not showing this cve in my wazuh manager dashboard.
Why?
For example one open-vm-tools version on one of my VMs:
open-vm-tools.x86_64 12.3.5-2.el8
Most of VMs are RockyLinux 8.10 or 9.5/9.6.
I can see that CVE is added to wazuh CTI so i think it shoud be visible if VMs are vulnerable: https://cti.wazuh.com/vulnerabilities/cves/CVE-2025-41244
Why i can't see CVE-2025-41244 in wazuh?
Md. Nazmur Sakib
Oct 14, 2025, 5:05:31 AM (5 days ago) Oct 14
to Wazuh | Mailing List
Hi Jernej,
I can see that the Rocky Linux OS feed for this CVE is not updated in our CTI yet.
https://cti.wazuh.com/vulnerabilities/cves/CVE-2025-41244
While checking the Rocky Linux feed, it shows the version Open-vm-tools-0:12.3.5-2.el8_10.1.x86_64.rpm as an updated version in Rocky version 8.
Ref: https://errata.rockylinux.org/RLSA-2025:17509
Feed for this CVE is not available in Rocky Linux 9 from the Rocky Linux side. Check the screenshot for details.
https://errata.rockylinux.org/
I will check with the responsible team for updating the feed for this CVE.
Let me know if you need any further information.
I can see that the Rocky Linux OS feed for this CVE is not updated in our CTI yet.
https://cti.wazuh.com/vulnerabilities/cves/CVE-2025-41244
While checking the Rocky Linux feed, it shows the version Open-vm-tools-0:12.3.5-2.el8_10.1.x86_64.rpm as an updated version in Rocky version 8.
Ref: https://errata.rockylinux.org/RLSA-2025:17509
Feed for this CVE is not available in Rocky Linux 9 from the Rocky Linux side. Check the screenshot for details.
https://errata.rockylinux.org/
I will check with the responsible team for updating the feed for this CVE.
Let me know if you need any further information.
jernej65
Oct 15, 2025, 2:36:28 AM (4 days ago) Oct 15
to Wazuh | Mailing List
Oh, thank you for you explanation. It's more clear now, why i don't see the CVE.
Thank you for fast answer!
Kind regards.
Thank you for fast answer!
Kind regards.
torek, 14. oktober 2025 ob 11:05:31 UTC+2 je oseba Md. Nazmur Sakib napisala:
Reply all
Reply to author
Forward
0 new messages