Zabbix security flaw affects Windows agents

October 7, 2025
By SC Staff

Cyber Security News reports that Zabbix has patched a high-severity Windows privilege escalation vulnerability, tracked as CVE-2025-27237, in its monitoring agents. The flaw results from improper handling of OpenSSL configuration files, allowing local users to modify file paths and trigger dynamic link library injections to gain elevated privileges. Exploitation requires local access, modification of the OpenSSL configuration file path, and a restart of the Zabbix Agent service or system. Researcher himbeer reported the issue through Zabbix's HackerOne bug bounty program.

It affects a wide range of product versions, including Zabbix Agent 6.0.0 through 6.0.40 and 7.0.0 through 7.0.17 and Agent 2 versions 7.2.0 through 7.2.11 and 7.4.0 through 7.4.1. Zabbix has released patched versions of 6.0.41, 7.0.18, 7.2.12, and 7.4.2, which introduce stricter access controls and validation of OpenSSL configuration files. The company has urged administrators to upgrade immediately, as no workarounds exist. Organizations using Zabbix monitoring tools, particularly in shared or multi-user Windows environments, should prioritize patching to prevent the potential exploitation of the flaw that could impact thousands of Windows-based monitoring setups.
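The following added example, which is not from the article or from Zabbix, triages an agent inventory against the affected ranges and fixed releases listed above. The inventory rows and their `host,os,version` layout are constructed, and applying each branch's range to both agent flavours is an assumption.

```python
import csv
import re

# Affected range and fixed release per branch, as listed in the article.
# Assumption: the range applies to both Agent and Agent 2 on that branch.
AFFECTED = {
    (6, 0): ((6, 0, 0), (6, 0, 40), "6.0.41"),
    (7, 0): ((7, 0, 0), (7, 0, 17), "7.0.18"),
    (7, 2): ((7, 2, 0), (7, 2, 11), "7.2.12"),
    (7, 4): ((7, 4, 0), (7, 4, 1), "7.4.2"),
}

def triage(os_name, version):
    """Classify one agent install against CVE-2025-27237."""
    if "windows" not in os_name.lower():
        return ("not-applicable", None)      # the flaw affects Windows agents
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return ("unknown", None)             # rc/beta/garbled: review by hand
    v = tuple(int(part) for part in m.groups())
    entry = AFFECTED.get(v[:2])
    if entry is None:
        return ("branch-not-listed", None)   # the article gives no data here
    low, high, fixed = entry
    return ("affected", fixed) if low <= v <= high else ("patched", None)

def triage_inventory(lines):
    """Map host -> (status, release to upgrade to) for 'host,os,version' rows."""
    results = {}
    for row in csv.reader(lines):
        if len(row) != 3:
            continue                         # skip blank or malformed rows
        host, os_name, version = (field.strip() for field in row)
        results[host] = triage(os_name, version)
    return results

# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = [
    "win-mon-01,Windows Server 2022,7.0.17",
    "win-mon-02,Windows Server 2019,7.0.18",
    "win-app-03,Windows 11,6.0.40",
    "lin-db-01,Ubuntu 22.04,7.0.5",
    "win-old-04,Windows Server 2016,5.0.42",
    "win-dev-05,Windows 11,7.4.2rc1",
]

if __name__ == "__main__":
    for host, (status, fixed) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status:18} {('upgrade to ' + fixed) if fixed else ''}")
```

Hosts reported as `unknown` or `branch-not-listed` need a manual check against the vendor advisory, since the article only covers the four branches above.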