CNNVD-202509-1776 Information
CNNVD ID
CNNVD-202509-1776
Related CVE
- CNNVD Published: 2025-09-12
Description (Chinese)
Zabbix是Zabbix公司的一套开源的监控系统。该系统支持网络监控、服务器监控、云监控和应用监控等。 Zabbix存在安全漏洞,该漏洞源于未正确清理smart.disk.get参数,可能导致注入意外参数并泄露Windows系统的NTLMv2哈希。
Description (English)
Zabbix is an open-source monitoring system for Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring, etc. There is a security loophole in Zabbix, which stems from an incorrect clean-up of the smart.disk.get parameters, which could lead to the injection of accidental parameters and the leaking of NTLMv2 Hash from Windows.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Zabbix
Published
2025-09-12
Last Modified
2026-02-24
References
https://support.zabbix.com/browse/ZBX-26987 https://vigilance.fr/vulnerability/Zabbix-code-execution-via-Agent-2-Smartctl-Plugin-48218 https://access.redhat.com/security/cve/cve-2025-27233
Patch
https://support.zabbix.com/browse/ZBX-26987
Share on: