Agent builds for AIX vulnerable to library loading hijacking (CVE-2025-49642)


    • Type: Defect (Security)
    • Resolution: Fixed
    • Priority: Minor
    • Affects Version/s: None
    • Component/s: Agent (G)

      CVE ID: CVE-2025-49642
      CVSS score: 5.9 (Medium)
      CVSS vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
      Affected components: Agent
      Summary: Agent builds for AIX vulnerable to library loading hijacking
      Description: Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.
      Known attack vectors: Exploitation requires access to a local user account with write permissions to /home/cecuser.
      Affected and fix version/s:
        Affected: 6.0.0 - 6.0.36 → Fixed: 6.0.40
        Affected: 7.0.0 - 7.0.5 → Fixed: 7.0.6
        Affected: 7.2.0 → Fixed: 7.2.6
      Mitigation: Update AIX Zabbix Agent packages to their respective fixed versions.
      Workarounds: Make sure the /home/cecuser directory is only accessible to trusted users.
      Acknowledgements: Zabbix wants to thank José Pina Coelho for finding and reporting this issue.
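
A triage helper for the version ranges and the workaround listed above, added here as an example and not part of the Zabbix advisory or code base. The function names are hypothetical, the version ranges are copied from the advisory, and the permission check reads the mode string printed by `ls -ldL`.

```shell
#!/bin/sh
# Added example, not Zabbix project code. Function names are hypothetical;
# the version ranges are copied from the advisory text.

# classify_version X.Y.Z -> prints "affected", "fixed" or "unlisted".
# The version string can be read from `zabbix_agentd -V` on the host.
classify_version() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into major/minor/patch
    IFS=$old_ifs
    patch=${3%%[!0-9]*}            # drop suffixes such as "rc1"
    [ -n "$patch" ] || { echo unlisted; return; }
    case "$1.$2" in
        6.0) last_affected=36; fixed=40 ;;
        7.0) last_affected=5;  fixed=6  ;;
        7.2) last_affected=0;  fixed=6  ;;
        *)   echo unlisted; return ;;
    esac
    if [ "$patch" -le "$last_affected" ]; then
        echo affected
    elif [ "$patch" -ge "$fixed" ]; then
        echo fixed
    else
        echo unlisted              # between the listed range and the fix
    fi
}

# dir_exposure DIR -> prints "missing", "restricted" or "exposed".
# "exposed" = group- or world-writable (mode characters 6 and 9 of ls -l).
dir_exposure() {
    [ -d "$1" ] || { echo missing; return; }
    perms=$(ls -ldL "$1" | cut -c1-10)   # -L: judge a symlink's target
    case "$perms" in
        ?????w????|????????w?) echo exposed ;;
        *) echo restricted ;;
    esac
}

# With a version argument, report on this host's /home/cecuser.
if [ "$#" -ge 1 ]; then
    echo "agent $1: $(classify_version "$1")"
    echo "/home/cecuser: $(dir_exposure /home/cecuser)"
fi
```

A `restricted` result only rules out group and world write; the directory owner can still create files there, so confirm that the owning account is trusted.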

            Assignee:
            Zabbix Support Team
            Reporter:
            Janis Nulle