Tracked as CVE-2025-27237, the issue arises from the way the agent loads its OpenSSL configuration file during service startup. Zabbix, a widely adopted open-source monitoring solution, relies on elevated permissions on Windows hosts to gather in-depth system metrics.
In affected versions, the OpenSSL configuration file is stored in a directory where non-administrative users have write access.
By replacing or modifying this file to reference a malicious DLL, an attacker can force the agent to load and execute arbitrary code as the SYSTEM user upon service restart.
In Zabbix Agent and Agent2 versions 6.0.0 through 6.0.40, 7.0.0 through 7.0.17, 7.2.0 through 7.2.11, and 7.4.0 through 7.4.1, the OpenSSL configuration path resides in a location with insufficient access controls.
When the service initiates, it reads the configuration file to establish secure communications.
An adversary with any level of local access can modify this file to include directives that load a crafted DLL.
Upon service restart, triggered either manually or during host reboot, the agent processes the malicious configuration, resulting in arbitrary code execution at SYSTEM privileges and complete host takeover.
| CVE ID | Affected Versions | Impact | Exploit Prerequisites | CVSS 4.0 Score |
|---|---|---|---|---|
| CVE-2025-27237 | 6.0.0 – 6.0.40, 7.0.0 – 7.0.17, 7.2.0 – 7.2.11, 7.4.0 – 7.4.1 | Local privilege escalation | Local user access to Windows host | 7.3 (High) |
The flaw was responsibly disclosed by researcher himbeer through the HackerOne bug bounty program and promptly confirmed by the Zabbix Support Team via ticket ZBX-27061.
To remediate this vulnerability, administrators must upgrade to one of the patched releases: 6.0.41, 7.0.18, 7.2.12, or 7.4.2.
The updates secure the OpenSSL configuration path by moving the file to a directory exclusively writable by administrators, thereby eliminating unauthorized modifications.
After performing the upgrade, restart the Zabbix Agent or Agent2 service to ensure the new configuration path is enforced.
No alternative mitigations or workarounds are available; installing the patch is the only effective defense.
Organizations using Zabbix to monitor Windows environments should treat this vulnerability as a top priority.
Failure to apply the update exposes critical systems to full compromise by any local user account.
By upgrading immediately and enforcing strict file permission policies, security teams can prevent attackers from exploiting CVE-2025-27237 to gain complete control over monitored hosts.
Continuous monitoring and adherence to best practices for service account permissions will further reduce the risk of similar issues in future releases.
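The following PowerShell audit is an added example, not code from Zabbix or from the original article: it walks from a configuration file up to the drive root and reports every non-administrative principal holding write-type access, which is the condition the advisory describes. The `$ConfigPath` parameter is a placeholder because the article does not give the file's location, and the set of trusted SIDs and write rights is an assumption. It goes slightly beyond the article by also checking parent directories and warning about missing path components.

```powershell
param(
    # Placeholder: the article does not name the path. Supply the OpenSSL
    # configuration file your agent build actually loads.
    [Parameter(Mandatory)][string]$ConfigPath
)

# Assumption: principals expected to hold write access are SYSTEM,
# BUILTIN\Administrators and NT SERVICE\TrustedInstaller (well-known SIDs).
$trusted = 'S-1-5-18', 'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Rights that let a principal replace or edit content or re-permission the
# object, plus the raw GENERIC_WRITE and GENERIC_ALL bits.
$writeNames = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask  = [int][System.Security.AccessControl.FileSystemRights]$writeNames -bor 0x40000000 -bor 0x10000000

$sidType     = [System.Security.Principal.SecurityIdentifier]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$findings    = @()
$path        = $ConfigPath

while ($path) {
    if (-not (Test-Path -LiteralPath $path)) {
        # A missing component can be created by anyone able to write to the
        # nearest existing ancestor, so keep walking upward.
        Write-Warning "Missing path component: $path"
    } else {
        foreach ($rule in (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType)) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow') { continue }   # deny ACEs only narrow access
            if (($rule.PropagationFlags -band $inheritOnly) -eq $inheritOnly) { continue }  # children only
            if ($trusted -contains $sid) { continue }
            if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
            $findings += [pscustomobject]@{
                Path = $path; Sid = $sid; Rights = $rule.FileSystemRights; Inherited = $rule.IsInherited
            }
        }
    }
    $path = Split-Path -Path $path -Parent   # returns an empty string at the drive root
}

$findings | Format-Table -AutoSize
if ($findings) { exit 1 }   # non-zero exit so the check can gate a compliance job
```

Run it from an elevated prompt before and after upgrading; on a patched agent the file and its directory should produce no findings.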
The post Zabbix Agent & Agent2 Flaw Lets Attackers Escalate Privileges appeared first on Cyber Security News.