A critical remote code execution (RCE) vulnerability has been discovered in the Wazuh server, a popular open-source security platform used for threat detection and compliance monitoring.

Identified as CVE-2025-24016, this flaw allows attackers with API access to execute arbitrary Python code on the server, posing a significant threat to affected systems. The vulnerability has been assigned a CVSS score of 9.9, reflecting its critical severity.