ZBX-27283

Agent builds for AIX vulnerable to library loading hijacking (CVE-2025-49642)


    • Type: Defect (Security)
    • Resolution: Fixed
    • Priority: Minor
    • Component/s: Agent (G)

      CVE ID: CVE-2025-49642
      CVSS score: 5.9 (Medium)
      CVSS vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
      Affected components: Agent
      Summary: Agent builds for AIX vulnerable to library loading hijacking
      Description: Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.
      Known attack vectors: Exploitation requires access to a local user account with write permissions to /home/cecuser.
      Affected and fix version/s:
        Affected: 6.0.0 - 6.0.36 → Fixed: 6.0.40
        Affected: 7.0.0 - 7.0.5 → Fixed: 7.0.6
        Affected: 7.2.0 → Fixed: 7.2.6
      Mitigation: Update AIX Zabbix Agent packages to their respective fixed versions.
      Workarounds: Make sure the /home/cecuser directory is only accessible to trusted users.
      Acknowledgements: Zabbix wants to thank José Pina Coelho for finding and reporting this issue.
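
One way to verify the workaround on a host that cannot be upgraded yet, as an added example that is not part of the advisory or of Zabbix: a POSIX shell audit that reports whether /home/cecuser or any of its parent directories is writable by group or other. The function names are invented for this example, and treating group/other write bits as "untrusted access" is an assumption; whether the directory's owner is trusted remains a site decision.

```shell
#!/bin/sh
# Added example (not Zabbix code): audit the directory named in the
# workaround and every ancestor, because write access to a parent lets a
# user create or replace the directory below it.
# ls -ld is parsed because stat(1) options differ between AIX and Linux.
# Limits: extended ACLs are not inspected; symlinks are followed (-L).

# check_component PATH -> prints one report line; returns 1 if PATH is
# writable by group or other.
check_component() {
    line=$(ls -ldL "$1" 2>/dev/null) || line=""
    if [ -z "$line" ]; then
        echo "MISSING  $1 (whoever can write to its parent can create it)"
        return 0
    fi
    mode=$(printf '%s\n' "$line" | awk '{print $1}')
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    # Mode string drwxrwxrwx: character 6 is group write, 9 is other write.
    # A sticky bit does not help here: new files can still be created.
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "WRITABLE $1 mode=$mode owner=$owner"
        return 1
    fi
    echo "ok       $1 mode=$mode owner=$owner"
    return 0
}

# audit_libdir DIR -> reports DIR and each ancestor up to /; returns 1 if
# any component is group- or other-writable.
audit_libdir() {
    p=$1
    rc=0
    while :; do
        check_component "$p" || rc=1
        case $p in /|.) break ;; esac
        p=$(dirname "$p")
    done
    return $rc
}

# Usage on an affected host: audit_libdir /home/cecuser
```

A non-zero exit status means at least one path component needs its permissions tightened; the owner printed on each line still has to be reviewed by hand.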

            zabbix.support Zabbix Support Team
            jnulle Janis Nulle