Proxmox vuneralbilities according to Wazuh

C

Cesar da Silva

Renowned Member
Mar 2, 2018
10
3
68
56
I am using Wazuh to monitor my systems, and I got information that Proxmox (with the latest updates) are vunerebale to the following CVE:s:
CVE-2025-69720
CVE-2006-10003
CVE-2026-32746

Can you confirm it or maybe fix it in comming updates?
 
CVE-2025-69720 and CVE-2006-10003 refer to these packages: libncurses6 libncursesw6 libtinfo6 libxml-parser-perl ncurses-base ncurses-bin ncurses-term, which are from debian's repository. I don't think it's a Proxmox issue, but Debian's.

CVE-2006-10003 is already patched in forky/sid, so it's just a question of time to be backported.

Oh, and just run apt remove inetutils-telnet -y in your hosts to remove telnetd in order to solve mitigate CVE-2026-32746.
 
Last edited:
santiagobiali said:
CVE-2025-69720 and CVE-2006-10003 refer to these packages: libncurses6 libncursesw6 libtinfo6 libxml-parser-perl ncurses-base ncurses-bin ncurses-term, which are from debian's repository. I don't think it's a Proxmox issue, but Debian's.
Click to expand...
Proxmox has the ability to incorporate patches and build updated packages as needed. Given that Proxmox VE is frequently deployed as an appliance, and is relied upon by many enterprise environments, there may be cases where, depending on the severity of a vulnerability, it makes sense for fixes to be prioritized and included more quickly.

If the original poster, or any paying customer, has concerns about specific open CVEs, it would be appropriate to open a Bugzilla tracking issue or submit a support case to help ensure visibility and proper prioritization.

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
  • Like
Reactions: santiagobiali, gurubert, Stubennerd and 3 others
You must log in or register to reply here.
Top Bottom
Back