CVE-2025-27237

UNKNOWN 0.0

DLL injection in Zabbix Agent and Agent 2 via OpenSSL configuration

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.

CWE	CWE-427
Vendor	zabbix
Product	zabbix
Published	Oct 3, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for zabbix zabbix

Be the first to know when new unknown vulnerabilities affecting zabbix zabbix are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Zabbix / Zabbix

6.0.0 ≤ 6.0.40 7.0.0 ≤ 7.0.17 7.2.0 ≤ 7.2.11 7.4.0 ≤ 7.4.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.zabbix.com: https://support.zabbix.com/browse/ZBX-27061

Credits

🔍 Zabbix wants to thank himbeer for submitting this report on the HackerOne bug bounty platform.