CVE-2025-49642

Summary

Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.

Affected Software

VendorProductVersion RangeStatus
ZabbixZabbix6.0.0 <= 6.0.36affected
ZabbixZabbix7.0.0 <= 7.0.5affected
ZabbixZabbix7.2.0 < 7.2.1affected

Weaknesses

  • CWE-426: CWE-426: Untrusted Search Path

Workarounds

Make sure /home/cecuser directory is only accessible to trusted users.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References