Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution.
CVSS
No CVSS.
References
Link | Resource |
---|---|
https://support.zabbix.com/browse/ZBX-26985 | |
Configurations
No configuration.
History
12 Sep 2025, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2025-09-12 11:15
Updated : 2025-09-15 15:21
NVD link : CVE-2025-27234
Mitre link : CVE-2025-27234
CVE.ORG link : CVE-2025-27234
Products Affected
No product.
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')