CVE-2025-27233

Vulnerability Description

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system.

Related Weaknesses (CWE)

CWE-77

References

https://support.zabbix.com/browse/ZBX-26987

FAQ

What is CVE-2025-27233?

CVE-2025-27233 is a documented vulnerability. Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 ...

How severe is CVE-2025-27233?

CVSS scoring is not yet available for CVE-2025-27233. Check NVD for updates.

Is there a patch for CVE-2025-27233?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.