CVE-2025-27237

Vulnerability Description

In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.

Related Weaknesses (CWE)

CWE-427

References

https://support.zabbix.com/browse/ZBX-27061

FAQ

What is CVE-2025-27237?

CVE-2025-27237 is a documented vulnerability. In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation ...

How severe is CVE-2025-27237?

CVSS scoring is not yet available for CVE-2025-27237. Check NVD for updates.

Is there a patch for CVE-2025-27237?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.