A newly disclosed vulnerability in the Zabbix Agent and Agent 2 for Windows could allow local attackers to gain elevated privileges by exploiting a DLL injection flaw in the software’s OpenSSL configuration handling. Tracked as CVE-2025-27237, the issue carries a CVSS score of 7.3 (High) and has been patched in the latest Zabbix releases.
According to Zabbix’s advisory, the problem lies in how Zabbix Agent and Agent 2 load the OpenSSL configuration file on Windows systems. The file is located in a directory that is writable by low-privileged users, creating an opportunity for manipulation.
In essence, an attacker with access to a local account on a Windows machine running Zabbix can modify the OpenSSL configuration file to inject a malicious DLL, which will then be executed when the agent starts.
The vulnerability note explains:
“In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.”
While CVE-2025-27237 cannot be exploited remotely, it provides a significant post-exploitation opportunity. A local Windows user—such as one with restricted rights—could tamper with the OpenSSL configuration file used by Zabbix Agent.
Once altered, the malicious DLL would be loaded automatically after the Zabbix Agent or the entire system restarts, resulting in privilege escalation or persistence on the affected machine.
Zabbix notes that:
“Known attack vectors: A local Windows user with Zabbix Agent installed could modify the OpenSSL configuration file, but this file is only loaded after Zabbix Agent or the system restarts.”
Zabbix has released fixed versions across all supported branches to address the issue. The affected and patched versions are as follows:
| Zabbix Branch | Affected Versions | Fixed Version |
|---|---|---|
| 6.0 LTS | 6.0.0 – 6.0.40 | 6.0.41 |
| 7.0 | 7.0.0 – 7.0.17 | 7.0.18 |
| 7.2 | 7.2.0 – 7.2.11 | 7.2.12 |
| 7.4 | 7.4.0 – 7.4.1 | 7.4.2 |
The patch introduces stricter permission controls on configuration files and ensures that OpenSSL paths are no longer writable by unprivileged users.
Zabbix recommends immediate upgrades to the fixed versions and advises system administrators to review file system permissions for existing agent installations.
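One way to carry out that permissions review, as an added example that is not Zabbix's code or from the advisory: a PowerShell check that lists ACL entries granting write or modify rights to broad, low-privileged groups on a given directory. The path is a placeholder; substitute the directory from which your agent installation loads the OpenSSL configuration file.

```powershell
# Added example, not from Zabbix or the advisory. Audits one directory's ACL for
# write/modify rights held by low-privileged principals. The path is a placeholder.
param(
    [string]$Path = 'C:\PLACEHOLDER\openssl-config-dir'
)

# Broad principals that should never hold write rights on a config path that a
# privileged service loads from.
$LowPrivPrincipals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'Everyone',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of the "Write" bits allows creating or replacing files in the directory;
# Modify and FullControl both include these bits, so they are caught as well.
$WriteBits = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Delete

function Test-LowPrivWriteAccess {
    param([string]$Target)
    $acl = Get-Acl -LiteralPath $Target
    $findings = @()
    foreach ($ace in $acl.Access) {
        # Only Allow entries grant access; Deny entries never widen it.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $WriteBits) -ne 0) {
            $findings += [pscustomobject]@{
                Path      = $Target
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
    return $findings
}

$results = @(Test-LowPrivWriteAccess -Target $Path)
if ($results.Count -eq 0) {
    Write-Output "OK: no low-privileged write access on $Path"
} else {
    Write-Output "WARNING: low-privileged write access found on $Path"
    $results | Format-Table -AutoSize
}
```

Run it as an administrator against both the configuration directory and the configuration file itself; an inherited entry in the output usually means the parent directory's ACL is the one to fix.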