Key Vulnerability Information

CVE ID: CVE-2025-27234

CVSS Score: 7.3 (High)

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Components: Agent2 plugin

Summary: Zabbix Agent 2 smartctl plugin RCE vulnerability in Zabbix 5.0.

Description: Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution.

Known Attack Vectors: An attacker could request Agent 2 to monitor a metric with malicious arguments in the smart.disk.get metric.

Affected and Fix Versions: Affected: 5.0.0 - 5.0.46 → Fixed: 5.0.47

Mitigation: Update the affected components to their respective fixed versions.

Workarounds: Remove smartctl or use strict item key parameter validation with AllowKey/DenyKey.
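A host triage check for the version range and workaround listed above, as an added example that is not part of the advisory or of Zabbix itself. The function names, the status words and the sample config (including its `DenyKey` line) are constructed for illustration; the Agent 2 version string and the config file path are supplied by the operator.

```shell
#!/bin/sh
# Added triage example; not Zabbix project code.

# Succeeds if VERSION is in the advisory's affected range 5.0.0 - 5.0.46.
is_affected() {
    case "$1" in
        5.0.*) patch=${1#5.0.} ;;
        *) return 1 ;;
    esac
    # Keep only the leading digits so suffixes such as "rc1" are ignored.
    patch=$(printf '%s' "$patch" | sed 's/[^0-9].*$//')
    [ -n "$patch" ] && [ "$patch" -le 46 ]
}

# Prints active (uncommented) AllowKey/DenyKey lines in CONF whose pattern
# starts with smart.disk.get; fails if there are none. Broader wildcard
# rules and Include= files are not evaluated and need a manual look.
smart_key_rules() {
    grep -E '^[[:space:]]*(AllowKey|DenyKey)[[:space:]]*=[[:space:]]*smart\.disk\.get' "$1"
}

# triage VERSION CONF: prints one status word.
# "rule-present" only means a rule exists; its pattern still needs review.
triage() {
    if ! is_affected "$1"; then
        echo "not-in-affected-range"
    elif smart_key_rules "$2" >/dev/null; then
        echo "affected-key-rule-present"
    else
        echo "affected-unmitigated"
    fi
}

if [ "$#" -eq 2 ]; then
    triage "$1" "$2"
    # The advisory's other workaround is removing smartctl; report presence.
    if command -v smartctl >/dev/null 2>&1; then
        echo "smartctl is installed"
    fi
else
    # Constructed sample config, used when no arguments are given.
    sample=$(mktemp)
    printf 'Server=192.0.2.10\nDenyKey=smart.disk.get[*]\n' > "$sample"
    triage 5.0.46 "$sample"
    rm -f "$sample"
fi
```

Hosts reported as `affected-unmitigated` are the ones to upgrade to 5.0.47 first.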