A significant security vulnerability has been found in Zabbix Agent and Agent 2 for Windows that allows attackers with local system access to escalate their privileges via DLL injection attacks.
The flaw, tracked as CVE-2025-27237 with a CVSS score of 7.3 (High), affects multiple versions of the popular network monitoring solution and has prompted immediate security updates from Zabbix.
The vulnerability stems from improper handling of OpenSSL configuration files in Windows environments, where the configuration file is loaded from a path that can be modified by low-privileged users.
This design flaw creates an attack vector for malicious actors who can inject dynamic link libraries (DLLs) to gain elevated system privileges.
Zabbix Agent Windows Local Privilege Escalation
The security flaw resides in how Zabbix Agent and Agent 2 process OpenSSL configuration files on Windows systems.
When these agents initialize, they load the OpenSSL configuration from a file path that has insufficient access controls, allowing users with limited privileges to modify the configuration content.
The attack requires local system access and involves modifying the OpenSSL configuration file to reference a malicious DLL that gets loaded during the agent's startup or system restart process.
The vulnerability affects a broad range of Zabbix versions, including 6.0.0 through 6.0.40, 7.0.0 through 7.0.17, 7.2.0 through 7.2.11, and 7.4.0 through 7.4.1.
The attack vector has specific prerequisites: attackers need existing access to the Windows system with Zabbix Agent installed, and the malicious configuration only takes effect after the Zabbix Agent service restarts or the system reboots.
Security researcher himbeer discovered this vulnerability and reported it through Zabbix's HackerOne bug bounty program.
The DLL injection technique exploits the trust relationship between the Zabbix Agent service and the OpenSSL library, allowing attackers to execute arbitrary code with the elevated privileges of the agent process.
Risk Factors / Details

Affected Products:
- Zabbix Agent for Windows 6.0.0 - 6.0.40
- Zabbix Agent for Windows 7.0.0 - 7.0.17
- Zabbix Agent2 for Windows 7.2.0 - 7.2.11
- Zabbix Agent2 for Windows 7.4.0 - 7.4.1

Impact: Local privilege escalation

Exploit Prerequisites:
- Local Windows user account
- Zabbix Agent or Agent 2 installed
- Ability to modify the OpenSSL configuration file path
- Agent service or system restart to load the malicious DLL

CVSS 3.1 Score: 7.8 (High)
Mitigations
Zabbix has released security patches across all affected product lines to address this privilege escalation vulnerability.
The fixed versions include 6.0.41, 7.0.18, 7.2.12, and 7.4.2, which implement proper access controls for OpenSSL configuration file paths and validate configuration content before processing.
System administrators should immediately update their Zabbix Agent installations to the corresponding patched versions.
The company has not provided specific workarounds for this vulnerability, making the security updates the primary mitigation strategy.
Organizations using Zabbix monitoring infrastructure should prioritize these updates, particularly in environments where multiple users have local system access or where the monitoring agents run with elevated privileges.
Given the widespread deployment of Zabbix monitoring solutions in enterprise environments, this security flaw could potentially affect thousands of Windows-based monitoring installations globally.
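The two checks a Windows administrator would want from the description above, an affected-version test against the ranges and fixed releases listed in this article, and an ACL audit of the OpenSSL configuration path for write access by low-privileged principals, are combined in the following PowerShell script. It is an added example written for this article, not Zabbix's own tooling. It assumes the agent services keep the installer's default names (starting with "Zabbix Agent"), that the agent binary's ProductVersion carries the Zabbix version, and that the OpenSSL configuration path is supplied via the OPENSSL_CONF environment variable or the -OpenSslConf parameter (a placeholder; the article does not state which file path the agent loads, so confirm it for your build).

```powershell
# Added example (not Zabbix's code): audit a Windows host for CVE-2025-27237 exposure.
# Assumptions: service names start with "Zabbix Agent" (installer default), the agent
# binary's ProductVersion is the Zabbix version, and the OpenSSL config path comes from
# $env:OPENSSL_CONF or -OpenSslConf (placeholder; verify the path your agent build loads).
param(
    [string]$OpenSslConf = $env:OPENSSL_CONF
)

# Affected ranges and fixed releases as stated in the advisory, inclusive bounds.
$AffectedRanges = @(
    @{ Min = [version]'6.0.0'; Max = [version]'6.0.40'; Fixed = [version]'6.0.41' },
    @{ Min = [version]'7.0.0'; Max = [version]'7.0.17'; Fixed = [version]'7.0.18' },
    @{ Min = [version]'7.2.0'; Max = [version]'7.2.11'; Fixed = [version]'7.2.12' },
    @{ Min = [version]'7.4.0'; Max = [version]'7.4.1';  Fixed = [version]'7.4.2' }
)

function Test-AffectedVersion {
    param([version]$Version)
    foreach ($r in $AffectedRanges) {
        if ($Version -ge $r.Min -and $Version -le $r.Max) {
            return "AFFECTED: $Version is within $($r.Min)-$($r.Max); upgrade to $($r.Fixed) or later"
        }
    }
    return "Not in an affected range: $Version"
}

# Principals that any local user account is a member of; write access for these is the weakness.
function Test-WeakAcl {
    param([string]$Path)
    $lowPriv = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
    $writeBits = [System.Security.AccessControl.FileSystemRights]::Write -bor
                 [System.Security.AccessControl.FileSystemRights]::Modify -bor
                 [System.Security.AccessControl.FileSystemRights]::FullControl -bor
                 [System.Security.AccessControl.FileSystemRights]::CreateFiles
    $acl = Get-Acl -LiteralPath $Path
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $lowPriv -contains $_.IdentityReference.Value -and
        (($_.FileSystemRights -band $writeBits) -ne 0)
    }
}

$findings = @()

# 1. Version check: find agent services, extract the executable from the service command line.
foreach ($svc in Get-CimInstance Win32_Service | Where-Object { $_.Name -like 'Zabbix Agent*' }) {
    if ($svc.PathName -match '^"?([^"]+?\.exe)') {
        $exe = $Matches[1]
        try {
            $raw = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
            $ver = [version]($raw -replace '[^\d.].*$', '')   # drop suffixes such as "rc1"
            $findings += "$($svc.Name) ($exe): " + (Test-AffectedVersion $ver)
        } catch {
            $findings += "$($svc.Name) ($exe): could not read a version string ($raw)"
        }
    }
}

# 2. ACL check: audit the config file, or its directory if the file does not exist yet
#    (a principal who can create the file there controls its content just the same).
if ([string]::IsNullOrEmpty($OpenSslConf)) {
    Write-Warning 'No OpenSSL config path: set OPENSSL_CONF or pass -OpenSslConf with the path your agent loads.'
} else {
    $target = if (Test-Path -LiteralPath $OpenSslConf) { $OpenSslConf } else { Split-Path -Parent $OpenSslConf }
    if ($target -and (Test-Path -LiteralPath $target)) {
        $weak = @(Test-WeakAcl -Path $target)
        if ($weak.Count -gt 0) {
            $detail = ($weak | ForEach-Object { "$($_.IdentityReference) has $($_.FileSystemRights)" }) -join '; '
            $findings += "WEAK ACL on ${target}: $detail"
        } else {
            $findings += "ACL on $target grants no write access to low-privileged principals"
        }
    } else {
        $findings += "Neither $OpenSslConf nor its parent directory exists"
    }
}

$findings
```

Run it from an elevated PowerShell session so Get-Acl can read the configuration path's security descriptor; an "AFFECTED" line means the host needs the listed fixed release, and a "WEAK ACL" line identifies exactly which principal and right to remove while the update is being rolled out. The ACL check deliberately treats a missing file with a writable parent directory as a finding, since the loaded path, not the file's existence, is what matters.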