CVE-2025-49642

Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.

CVSS

No CVSS.

References

Link	Resource
https://support.zabbix.com/browse/ZBX-27283

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) La carga de bibliotecas en las compilaciones del Agente Zabbix de AIX puede ser secuestrada por usuarios locales con acceso de escritura al directorio /home/cecuser.

01 Dec 2025, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-01 14:16

Updated : 2026-04-29 01:00

NVD link : CVE-2025-49642

Mitre link : CVE-2025-49642

CVE.ORG link : CVE-2025-49642

JSON object : View

Products Affected

No product.

CWE

CWE-426

Untrusted Search Path

{"id": "CVE-2025-49642", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@zabbix.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-12-01T14:16:05.420", "references": [{"url": "https://support.zabbix.com/browse/ZBX-27283", "source": "security@zabbix.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@zabbix.com", "description": [{"lang": "en", "value": "CWE-426"}]}], "descriptions": [{"lang": "en", "value": "Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory."}, {"lang": "es", "value": "La carga de bibliotecas en las compilaciones del Agente Zabbix de AIX puede ser secuestrada por usuarios locales con acceso de escritura al directorio /home/cecuser."}], "lastModified": "2026-04-29T01:00:01.613", "sourceIdentifier": "security@zabbix.com"}

CVE-2025-49642

JSON object

Attach tags to CVE-2025-49642

Attach tags to `CVE-2025-49642`