Home

Description

Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.

PUBLISHED Reserved 2025-06-09 | Published 2025-12-01 | Updated 2025-12-01 | Assigner Zabbix




MEDIUM: 5.8CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-426: Untrusted Search Path

Product status

Default status
unknown

6.0.0 (git)
affected

7.0.0 (git)
affected

7.2.0 (git) before 7.2.1
affected

Credits

Zabbix wants to thank José Pina Coelho for finding and reporting this issue. reporter

References

support.zabbix.com/browse/ZBX-27283

cve.org (CVE-2025-49642)

nvd.nist.gov (CVE-2025-49642)

Download JSON