A security flaw in Zabbix Agent and Agent2 for Windows has been discovered that could allow a local attacker to gain higher system privileges.
The issue, tracked as CVE-2025-27237, stems from the way the agent loads its OpenSSL configuration file.
By exploiting this weakness, an attacker with limited rights on a Windows host could escalate privileges to SYSTEM level.
Zabbix is an open-source monitoring solution widely used to track the health and performance of network devices, servers, and applications.
Its Agent and Agent2 components run with elevated permissions on Windows to collect detailed system metrics.
The configuration for secure communication, using OpenSSL, relies on an external file that should only be modifiable by administrators. However, in affected versions this file is loaded from a directory where low-privileged users can write data.
Details of the Vulnerability
In versions 6.0.0 through 6.0.40, 7.0.0 through 7.0.17, 7.2.0 through 7.2.11, and 7.4.0 through 7.4.1, the OpenSSL configuration file path is insecure.
A local user can replace or modify the file so that it points to a malicious DLL. When the Zabbix Agent or Agent2 service restarts, it loads the tampered configuration and executes the attacker’s code with SYSTEM privileges, which grants full control over the host.
| CVE ID | Affected Versions | Impact | CVSS 4.0 Score |
| --- | --- | --- | --- |
| CVE-2025-27237 | 6.0.0 – 6.0.40, 7.0.0 – 7.0.17, 7.2.0 – 7.2.11, 7.4.0 – 7.4.1 | Local privilege escalation | 7.3 (High) |
The flaw was reported by researcher himbeer via the HackerOne bug bounty program and classified as a major security defect. The Zabbix Support Team confirmed the defect and marked it as fixed in recent patch releases.
Mitigation and Recommendations
All users running Zabbix Agent or Agent2 on Windows are strongly urged to upgrade immediately to one of the fixed versions:
- 6.0.41
- 7.0.18
- 7.2.12
- 7.4.2
Upgrading replaces the insecure configuration path and removes the ability for non-administrative accounts to modify critical files.
After updating, restart the Zabbix Agent or Agent2 service to apply the patch. No known workarounds exist aside from applying the update.
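The script below is an added example, not Zabbix code and not part of the original advisory. It covers the two things a Windows administrator would want to check after reading the sections above: whether an installed Zabbix Agent or Agent2 binary falls in one of the affected ranges (compared against the fixed releases listed), and whether a directory grants write access to non-administrative principals, which is the condition the advisory describes for the OpenSSL configuration location. It assumes the agent runs as a Windows service whose name contains "Zabbix"; because the advisory does not name the OpenSSL configuration path, that path is a placeholder the operator must fill in.

```powershell
# Added example (not Zabbix project code). Checks a Windows host for
# CVE-2025-27237 exposure: (1) installed Zabbix Agent/Agent2 file version
# against the fixed releases named in the advisory, and (2) whether a given
# OpenSSL configuration directory is writable by non-administrative accounts.
# Assumptions: the agent runs as a service whose name contains "Zabbix";
# the OpenSSL config directory is supplied by the operator (placeholder below).

# Fixed versions from the advisory, keyed by release branch.
$FixedVersions = @{
    '6.0' = [version]'6.0.41'
    '7.0' = [version]'7.0.18'
    '7.2' = [version]'7.2.12'
    '7.4' = [version]'7.4.2'
}

function Test-ZabbixAgentVersionVulnerable {
    param([Parameter(Mandatory)][string]$VersionString)
    # Zabbix file versions look like "7.0.17" (a 4th build field is tolerated).
    $v = [version]$VersionString
    $branch = '{0}.{1}' -f $v.Major, $v.Minor
    if (-not $FixedVersions.ContainsKey($branch)) {
        # Branch not covered by the advisory (e.g. 7.1, 7.3): not assessed here.
        return $false
    }
    return ($v -lt $FixedVersions[$branch])
}

function Get-ZabbixAgentBinaries {
    # Find services whose name mentions Zabbix and pull the executable path
    # out of PathName (either a quoted path or the first whitespace-delimited token).
    Get-CimInstance Win32_Service | Where-Object { $_.Name -like '*Zabbix*' } |
        ForEach-Object {
            $exe = if ($_.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($_.PathName -split ' ')[0] }
            [pscustomobject]@{
                Service   = $_.Name
                StartName = $_.StartName   # account the service runs as (LocalSystem = SYSTEM)
                Path      = $exe
                Version   = (Get-Item $exe).VersionInfo.FileVersion
            }
        }
}

function Test-WritableByNonAdmins {
    param([Parameter(Mandatory)][string]$Path)
    # Principals that any low-privileged local user belongs to.
    $lowPriv = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')
    $writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
                 [System.Security.AccessControl.FileSystemRights]::Modify -bor
                 [System.Security.AccessControl.FileSystemRights]::FullControl
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPriv -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $writeMask) -ne 0) {
            return $true   # a non-admin principal holds write/modify/full rights
        }
    }
    return $false
}

# --- usage ---
foreach ($agent in Get-ZabbixAgentBinaries) {
    $vuln = Test-ZabbixAgentVersionVulnerable -VersionString $agent.Version
    '{0} (runs as {1}) version {2}: {3}' -f $agent.Service, $agent.StartName, $agent.Version,
        $(if ($vuln) { 'AFFECTED by CVE-2025-27237, upgrade' } else { 'not in an affected range' })
}

# Placeholder: replace with the OpenSSL configuration directory your agent
# actually reads (the advisory does not state the path).
$opensslConfDir = 'C:\PLACEHOLDER\openssl-config-dir'
if (Test-Path $opensslConfDir) {
    if (Test-WritableByNonAdmins -Path $opensslConfDir) {
        "WARNING: $opensslConfDir is writable by non-administrative accounts"
    }
}
```

Run it in an elevated PowerShell session so that `Get-Acl` can read the directory's ACL and `Get-Item` can reach the service binary. A version in an affected range together with a directory writable by BUILTIN\Users is the exposure the advisory describes; after upgrading, rerunning the ACL check is a quick way to confirm the new configuration location is no longer user-writable.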
By promptly installing the fixed versions, organizations can prevent attackers from exploiting this vulnerability to take full control of Windows hosts monitored by Zabbix.