[ZBX-26985] Zabbix Agent 2 smartctl plugin RCE vulnerability in Zabbix 5.0 (CVE-2025-27234) Created: 2025 Sep 12  Updated: 2025 Sep 12  Resolved: 2025 Sep 12

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Agent2 plugin (G)
Affects Version/s: None
Fix Version/s: None

Type: Defect (Security) Priority: Major
Reporter: Janis Nulle Assignee: Zabbix Support Team
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate

Description
CVE ID: CVE-2025-27234
CVSS score: 7.3 (High)
CVSS vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected components: Agent2 plugin
Summary: Zabbix Agent 2 smartctl plugin RCE vulnerability in Zabbix 5.0.
Description: Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution.
Known attack vectors: An attacker could request Agent 2 to monitor a metric with malicious arguments in the smart.disk.get metric.
Affected and fix version/s: Affected: 5.0.0 - 5.0.46 → Fixed: 5.0.47
Mitigation: Update the affected components to their respective fixed versions.
Workarounds: Remove smartctl or use strict item key parameter validation with AllowKey/DenyKey.
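The defect class described above is argument injection: an item parameter copied into the argv of an external program is interpreted as an option when it starts with '-'. The Go example below is added here for illustration and is not Zabbix's plugin code; it assumes the item takes a device path and an optional smartctl device type, and it uses the smartctl flags -a, -j and -d, which are assumed to be the ones a collector would pass. It shows an argv builder that passes parameters through unchanged next to one that only accepts values matching a strict shape, so an option-shaped value is rejected before it can reach argv.

```go
package main

import (
	"fmt"
	"regexp"
)

// Added example, not Zabbix's plugin code. Assumed parameter layout:
// smart.disk.get[<device path>,<device type>], both strings supplied by
// whoever requests the item.

// Accepted shapes (assumptions for this example):
//   device path: "/dev/" followed by letters, digits, '_', '.', '-', '/'
//   device type: a smartctl -d name such as "sat", "nvme" or "megaraid,0"
var (
	devicePathRe = regexp.MustCompile(`^/dev/[A-Za-z0-9][A-Za-z0-9_./-]*$`)
	deviceTypeRe = regexp.MustCompile(`^[a-z]+(,[0-9]+)?$`)
)

// buildArgsUnsafe copies the item parameters straight into smartctl's argv.
// Anything in argv that starts with '-' is read by smartctl as an option
// rather than a device name: this is the argument-injection pattern the
// advisory describes.
func buildArgsUnsafe(device, devType string) []string {
	args := []string{"-a", "-j"}
	if devType != "" {
		args = append(args, "-d", devType)
	}
	return append(args, device)
}

// buildArgsSafe only emits argv when both parameters match the strict shapes
// above. The regexps anchor on "/dev/" and on a lowercase word, so a value
// beginning with '-' or containing spaces, quotes or ';' never reaches argv.
func buildArgsSafe(device, devType string) ([]string, error) {
	if !devicePathRe.MatchString(device) {
		return nil, fmt.Errorf("device %q rejected: not a plain /dev path", device)
	}
	if devType != "" && !deviceTypeRe.MatchString(devType) {
		return nil, fmt.Errorf("device type %q rejected", devType)
	}
	args := []string{"-a", "-j"}
	if devType != "" {
		args = append(args, "-d", devType)
	}
	return append(args, device), nil
}

func main() {
	// Constructed inputs: one legitimate, one option-shaped.
	for _, in := range [][2]string{{"/dev/sda", "sat"}, {"--option-injected-here", ""}} {
		fmt.Printf("unsafe argv: %q\n", buildArgsUnsafe(in[0], in[1]))
		if args, err := buildArgsSafe(in[0], in[1]); err != nil {
			fmt.Println("safe builder:", err)
		} else {
			fmt.Printf("safe argv:   %q\n", args)
		}
	}
}
```

The validated argv should still be handed to the process without a shell (exec.Command with an argument slice), so the allow-list is the only place a parameter's meaning is decided. Until the agent is updated to 5.0.47, the page's own workaround can be applied in the agent configuration with a line such as `DenyKey=smart.disk.get[*]`, which refuses the item key outright rather than relying on the plugin to validate it.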
