CVE-2025-49642Untrusted Search Path in Zabbix

CWE-426Untrusted Search Path4 documents4 sources
Severity
5.8MEDIUMNVD
EPSS
0.0%
top 92.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zabbix
Timeline
PublishedDec 1

Description

Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5zabbix/zabbix7.2.07.2.1+2

🔴Vulnerability Details

2
CVEList
Agent builds for AIX vulnerable to library loading hijacking2025-12-01
GHSA
GHSA-gm93-3f63-r64c: Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory2025-12-01

📋Vendor Advisories

1
Debian
CVE-2025-49642: zabbix - Library loading on AIX Zabbix Agent builds can be hijacked by local users with w...2025
CVE-2025-49642 — Untrusted Search Path in Zabbix | cvebase