CVE-2025-27237

CVE-2025-27237

Name

CVE-2025-27237

Description

In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
	https://support.zabbix.com/browse/ZBX-27061

Type

URI

https://support.zabbix.com/browse/ZBX-27061

Match rules

Source package	Min version	Max version
zabbix	>= 6.0.0	<= 6.0.40
zabbix	>= 7.0.0	<= 7.0.17
zabbix	>= 7.2.0	<= 7.2.11
zabbix	>= 7.4.0	<= 7.4.1

CPE URI

Source package

Min version

Max version

zabbix

>= 6.0.0

<= 6.0.40

zabbix

>= 7.0.0

<= 7.0.17

zabbix

>= 7.2.0

<= 7.2.11

zabbix

>= 7.4.0

<= 7.4.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
zabbix	edge-community	7.4.1-r1	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
zabbix	edge-community	7.0.1-r0	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
zabbix	3.22-community	7.2.11-r2	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
zabbix	3.22-community	7.2.11-r1	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
zabbix	3.22-community	7.0.16-r0	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
zabbix	3.22-community	7.0.12-r0	Kevin Daudt <kdaudt@alpinelinux.org>	possibly vulnerable
zabbix	3.22-community	7.0.1-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

zabbix

edge-community

7.4.1-r1

Kevin Daudt <kdaudt@alpinelinux.org>

possibly vulnerable

zabbix

edge-community