Critical CVE-2025-27237 Vulnerability in Zabbix Agent for Windows Enables Privilege Escalation via OpenSSL Misconfiguration

A local privilege escalation vulnerability (CVE-2025-27237) affects certain versions of Zabbix Agent and Zabbix Agent2 for Windows. The agent, which runs as SYSTEM, reads an OpenSSL configuration file from a path that non-administrative users can write to; a local attacker who places a crafted configuration there can make the agent load an attacker-controlled DLL and so execute code with SYSTEM privileges. Patched releases are available and should be applied promptly.

Keypoints

  • The vulnerability affects Zabbix Agent and Agent2 for Windows in versions 6.0.0 to 6.0.40, 7.0.0 to 7.0.17, 7.2.0 to 7.2.11, and 7.4.0 to 7.4.1.
  • A low-privileged local user can plant a crafted OpenSSL configuration that causes the agent service to load an attacker-controlled DLL with SYSTEM privileges.
  • The root cause is that the agent loads its OpenSSL configuration from a file path that non-administrative users are able to modify.
  • The vulnerability carries a CVSS v4.0 base score of 7.3 (High) and is fixed in versions 6.0.41, 7.0.18, 7.2.12, and 7.4.2.
  • Users are urged to upgrade to the patched versions immediately and restart the Zabbix agent service, since the running service keeps the old binary until it is restarted. Until the update is applied, check the permissions on the OpenSSL configuration location the agent uses and remove write access for non-administrators.
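The following triage helper is an added example and is not code from the article or from the Zabbix project. It encodes only the affected and fixed version ranges listed above and classifies an installed version as affected, fixed, or not covered by the advisory (a branch not listed, such as an end-of-life release, is deliberately not reported as safe). The inventory lines at the bottom are constructed sample input; the host names are hypothetical.

```python
"""Triage helper for CVE-2025-27237 (Zabbix Agent / Agent2 for Windows).

Added example; not the article's or the Zabbix project's own code. It encodes
only the affected and fixed version ranges the advisory summary states.
"""
from __future__ import annotations

import re

# (first affected, last affected, first fixed) per release branch, as listed above.
AFFECTED_RANGES: list[tuple[tuple[int, int, int], tuple[int, int, int], tuple[int, int, int]]] = [
    ((6, 0, 0), (6, 0, 40), (6, 0, 41)),
    ((7, 0, 0), (7, 0, 17), (7, 0, 18)),
    ((7, 2, 0), (7, 2, 11), (7, 2, 12)),
    ((7, 4, 0), (7, 4, 1), (7, 4, 2)),
]

# Accepts "7.0.17", "7.0.17rc1" or a longer product string starting with the
# version; any pre-release suffix is ignored and the base version is assessed.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, int, int]:
    """Return (major, minor, patch) parsed from the start of a version string."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(version: str) -> dict:
    """Classify one installed agent version against the advisory.

    status is one of:
      "affected"   - inside a listed vulnerable range; upgrade_to names the fix
      "fixed"      - on a listed branch at or above the fixed release
      "not_listed" - branch not covered by the advisory; treat as unknown,
                     not as safe (it may be end-of-life or a pre-release line)
    """
    v = parse_version(version)
    for first, last, fixed in AFFECTED_RANGES:
        same_branch = v[:2] == first[:2]
        if first <= v <= last:
            return {"version": version, "status": "affected",
                    "upgrade_to": ".".join(map(str, fixed))}
        if same_branch and v >= fixed:
            return {"version": version, "status": "fixed", "upgrade_to": None}
    return {"version": version, "status": "not_listed", "upgrade_to": None}


def triage(inventory: list[tuple[str, str]]) -> list[dict]:
    """Run assess() over (host, version) pairs; hosts needing action come first."""
    order = {"affected": 0, "not_listed": 1, "fixed": 2}
    rows = [{"host": host, **assess(ver)} for host, ver in inventory]
    return sorted(rows, key=lambda r: (order[r["status"]], r["host"]))


def hosts_needing_upgrade(inventory: list[tuple[str, str]]) -> list[str]:
    """Host names whose agent version falls inside a listed vulnerable range."""
    return [r["host"] for r in triage(inventory) if r["status"] == "affected"]


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY: list[tuple[str, str]] = [
    ("win-db01", "7.0.17"),
    ("win-app02", "7.0.18"),
    ("win-file03", "6.0.40"),
    ("win-legacy04", "6.4.5"),
    ("win-web05", "7.4.2"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(f"{row['host']:<14} {row['version']:<8} {row['status']:<11} "
              f"{row['upgrade_to'] or '-'}")
```

The `not_listed` outcome is intentional: a version on a branch the advisory does not name is reported separately so that an analyst can decide whether it is end-of-life rather than having the script silently call it safe.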

Read More: https://thecyberexpress.com/zabbix-agent-cve-2025-27237/