Alerts This Week
Warning Icon 1 1,146
Alerts This Week
Warning Icon 1 1,146

Debian 11 Zabbix Critical Remote Code Exec Vuln DLA-4473-1 CVE-2025-27234

debian lts
Calendar Grey February 8, 2026
Dist Debian Esm H88
Zabbix Agent 2 faces critical code execution flaw, impacting Debian systems. Upgrade advised to mitigate risks of exploitation.
zabbix a popular network monitoring solution was affected by a vulnerabilty

Summary

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get
parameters, allowing an attacker to inject unexpected arguments into
the smartctl command. In Zabbix 5.0 this allows for remote code execution.

For Debian 11 bullseye, this problem has been fixed in version
1:5.0.47+dfsg-0+deb11u1.

We recommend that you upgrade your zabbix packages.

For the detailed security status of zabbix please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/zabbix

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical
Lowest
Low
Medium
High
Critical

Package: zabbix
Version: 1:5.0.47+dfsg-0+deb11u1
CVE ID: CVE-2025-27234

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here