CVE-2025-27234

UNKNOWN 0.0

Zabbix Agent 2 smartctl plugin RCE vulnerability in Zabbix 5.0.

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution.

CWE	CWE-78
Vendor	zabbix
Product	zabbix
Published	Sep 12, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for zabbix zabbix

Be the first to know when new unknown vulnerabilities affecting zabbix zabbix are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Zabbix / Zabbix

5.0.0 ≤ 5.0.46

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.zabbix.com: https://support.zabbix.com/browse/ZBX-26985 lists.debian.org: https://lists.debian.org/debian-lts-announce/2026/02/msg00012.html