PT-2025-37304 · Zabbix+4 · Zabbix Agent 2+4

Janis Nulle · Published 2025-01-01 · Updated 2026-02-08 · CVE-2025-27234

CVSS v2.0: 7.7 (High)
Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Zabbix Agent 2 versions 5.0 and earlier
Description: The Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, potentially allowing an attacker to inject unexpected arguments into the smartctl command. This can lead to remote code execution.
Recommendations: Update Zabbix Agent 2 to a version later than 5.0.

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

ALT-PU-2025-12637
BDU:2025-12724
CVE-2025-27234

Affected Products

Alt Linux
Astra Linux
Debian
Zabbix Agent 2
Smartctl