CVE-2025-27233

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-27233

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27233.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-27233

Downstream

DEBIAN-CVE-2025-27233

UBUNTU-CVE-2025-27233

Published

2025-09-12T11:15:31Z

Modified

2026-04-10T05:23:55.213530Z

Summary

[none]

Details

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system.

References

https://support.zabbix.com/browse/ZBX-26987

CVE-2025-27233

Affected packages