Local User Hijack of Zabbix Agent Library Loading on AIX
CVE-2025-49642 Published on December 1, 2025
Agent builds for AIX vulnerable to library loading hijacking
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.
Weakness Type
What is an Untrusted Path Vulnerability?
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
CVE-2025-49642 has been classified to as an Untrusted Path vulnerability or weakness.
Products Associated with CVE-2025-49642
Want to know whenever a new CVE is published for Zabbix? stack.watch will email you.
Affected Versions
Zabbix:- Version 6.0.0, <= 6.0.36 is affected.
- Version 7.0.0, <= 7.0.5 is affected.
- Version 7.2.0 and below 7.2.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.