{"id":"CVE-2025-27233","details":"Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system.","modified":"2026-04-10T05:23:55.213530Z","published":"2025-09-12T11:15:31Z","references":[{"type":"WEB","url":"https://support.zabbix.com/browse/ZBX-26987"}],"schema_version":"1.7.5"}