Zabbix Agent Flaw Allows SYSTEM Privilege Escalation

A high-severity vulnerability, CVE-2025-27237, affects Zabbix Agent and Agent2 on Windows systems, enabling local privilege escalation. The flaw stems from the agent loading its OpenSSL configuration from a directory where low-privileged users can write files. An attacker can modify this configuration to inject a malicious DLL, which is then executed with SYSTEM-level rights when the agent service restarts. This grants the attacker full control over the compromised host. Zabbix has released patches for all affected versions and recommends administrators upgrade immediately to prevent potential system takeovers.

Latest mentioned: 10-06

Earliest mentioned: 10-06

Sources

securityonline.info gbhackers.com

Also Read

PhantomRaven Supply-Chain Attack Infects npm Ecosystem

Koi Security has discovered a massive supply-chain attack called PhantomRaven, which has infected the npm ecosystem with 126 malicious packages downloaded over 86,000 times. The campaign, active since August 2025, steals npm authentication tokens, GitHub credentials, and CI/CD secrets by concealing malicious code in dependencies. The attackers used Remote Dynamic Dependencies (RDD) to bypass security scanners, making the packages appear harmless. The malware executed automatically during installation, performing aggressive reconnaissance and exfiltration. Koi Security noted the use of AI-driven slopsquatting to create plausible-sounding package names, tricking developers into trusting malicious packages.

10-31Read more →