Mirai Botnets Strike Again: Wazuh Servers Vulnerability Exploited!

Akamai warns of Mirai botnets exploiting a critical remote code execution vulnerability in Wazuh servers. The flaw, patched in version 4.9.1, allows attackers with API access to execute malicious code. Two Mirai campaigns have been spotted targeting this vulnerability. Remember, when it comes to servers, always patch before you hatch!

Hot Take:

In a world where technology is supposed to save us, it’s ironic that even our security platforms need saving from cyber-villains. Wazuh, a platform meant to detect threats, became the prey of Mirai botnets. It’s like a guard dog that needs a guard cat to keep it safe. Talk about a plot twist!

Key Points:

  • A critical vulnerability, CVE-2025-24016, affected Wazuh servers, allowing remote code execution.
  • Mirai botnets have exploited this vulnerability since March, targeting Wazuh servers.
  • The vulnerability affects Wazuh versions from 4.4.0 to just before 4.9.1.
  • Akamai has identified two separate Mirai campaigns targeting this flaw.
  • Indicators of compromise (IoCs) have been made available by Akamai and Kaspersky to help detect these attacks.

The Nimble Nerd