CVE-2025-27234

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-27234

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27234.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-27234

Downstream

DEBIAN-CVE-2025-27234

DLA-4473-1

UBUNTU-CVE-2025-27234

Published

2025-09-12T11:15:31Z

Modified

2026-04-10T05:23:54.218937Z

Summary

[none]

Details

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution.

References

https://support.zabbix.com/browse/ZBX-26985

CVE-2025-27234

Affected packages