The Akamai Security Intelligence and Response Team (SIRT) has identified active exploitation of the critical remote code execution (RCE) vulnerability CVE-2025-24016 against Wazuh servers (CVSS 9.9).
The vulnerability takes advantage of decentralized API (DAPI) requests, allowing an attacker to remotely execute code by uploading an unsanitized dictionary.
https://www.akamai.com/blog/security-re ... nerability