Vulnerability Description
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution.
Related Weaknesses (CWE)
References
- https://support.zabbix.com/browse/ZBX-26985
- https://lists.debian.org/debian-lts-announce/2026/02/msg00012.html
FAQ
What is CVE-2025-27234?
CVE-2025-27234 is a documented vulnerability. Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote...
How severe is CVE-2025-27234?
CVSS scoring is not yet available for CVE-2025-27234. Check NVD for updates.
Is there a patch for CVE-2025-27234?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.