CVE-2025-27237

HIGH

Zabbix Agent/Agent 2 <Windows> - Privilege Escalation

Title source: llm

Description

In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.

Exploits (2)

nomisec WORKING POC 19 stars

by HackingLZ · poc

https://github.com/HackingLZ/CVE-2025-27237

View Code ZIP pw:eip

gitlab WORKING POC

by HackingLZ · poc

https://gitlab.com/HackingLZ/CVE-2025-27237

View Code ZIP pw:eip

References (1)

[Various Sources] https://support.zabbix.com/browse/ZBX-27061

Scores

CVSS v4 7.3

EPSS 0.0001

EPSS Percentile 1.1%

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

CWE

CWE-427

Status published

Products (4)

Zabbix/Zabbix 6.0.0 - 6.0.40

Zabbix/Zabbix 7.0.0 - 7.0.17

Zabbix/Zabbix 7.2.0 - 7.2.11

Zabbix/Zabbix 7.4.0 - 7.4.1

Published Oct 03, 2025

Tracked Since Feb 18, 2026