CVE-2025-27237Uncontrolled Search Path Element in Zabbix

CWE-427Uncontrolled Search Path Element4 documents4 sources
Severity
7.3HIGHNVD
EPSS
0.0%
top 98.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zabbix
Timeline
PublishedOct 3

Description

In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5zabbix/zabbix6.0.06.0.40+3

🔴Vulnerability Details

2
CVEList
DLL injection in Zabbix Agent and Agent 2 via OpenSSL configuration2025-10-03
GHSA
GHSA-r6x3-vwpm-5vwg: In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modi2025-10-03

📋Vendor Advisories

1
Debian
CVE-2025-27237: zabbix - In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded...2025
CVE-2025-27237 — Uncontrolled Search Path Element | cvebase