Critical Zabbix Windows Vulnerability Allows Privilege Escalation Through DLL Injection

Patch critical Zabbix Agent vulnerability CVE-2025-27237 now to prevent privilege escalation via DLL injection. No workarounds exist.

By Content Team

Oct 6, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

A critical security flaw (CVE-2025-27237) in Zabbix Agent and Agent 2 for Windows lets attackers with local access escalate privileges through DLL injection attacks. The vulnerability, scored 7.3 (High), affects versions 6.0.0-6.0.40, 7.0.0-7.0.17, 7.2.0-7.2.11, and 7.4.0-7.4.1.

The issue stems from improper handling of OpenSSL configuration files, where low-privileged users can modify the config path to inject malicious DLLs. When the agent restarts, it loads the malicious code with elevated system privileges.

Zabbix has released patches (versions 6.0.41, 7.0.18, 7.2.12, and 7.4.2) that fix the access controls. System administrators should update immediately, as no workarounds exist for this widespread enterprise monitoring solution vulnerability.

Source: Cyber Security News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

CISA Issues Urgent Warning Over Actively Exploited Langflow AI Platform Vulnerability

Mar 28, 2026

Microsoft Blocks Windows 11 Automated Installation After Critical Security Flaw

Mar 16, 2026

Critical BeyondTrust Flaw Gives Attackers Full Domain Control

Feb 16, 2026

M&S Technology Chief Quits Less Than a Year After Cyber Attack

Jan 22, 2026