CVE-2025-27233

Zabbix Agent 2 smartctl plugin argument injection in Zabbix 6.0 and later.

Description

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system.

INFO

Published Date :

2025-09-12T10:32:36.174Z

Last Modified :

2025-09-12T11:58:28.618Z

Source :

Zabbix

AFFECTED PRODUCTS

The following products are affected by CVE-2025-27233 vulnerability.

Vendors	Products
Microsoft	Windows
Zabbix	Zabbix Zabbix-agent Zabbix-agent2

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-27233.

URL	Resource
https://support.zabbix.com/browse/ZBX-26987

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability