RCE in Zabbix

CVE-2025-27233

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.002 (5.6th percentile) — read the EPSS interpretation.

Affected products

  • Zabbix — versions 6.0.0, 7.0.0, 7.2.0

Weakness classification (CWE)

References