The following is key information about the vulnerability:

Vulnerability information
CVE ID: CVE-2025-49642
CVSS score: 5.9 (Medium)
CVSS vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
Affected components: Agent
Summary: Agent builds for AIX vulnerable to library loading hijacking
Description: Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.
Known attack vectors: Exploitation requires access to a local user account with write permissions to /home/cecuser.

Affected versions and fixes
Affected and fixed versions:
- Affected: 6.0.0 - 6.0.36 → Fixed: 6.0.40
- Affected: 7.0.0 - 7.0.5 → Fixed: 7.0.6
- Affected: 7.2.0 → Fixed: 7.2.6

Mitigation and workarounds
Mitigation: Update AIX Zabbix Agent packages to their respective fixed versions.
Workarounds: Make sure /home/cecuser directory is only accessible to trusted users.

Acknowledgements
Zabbix wants to thank José Pina Coelho for finding and reporting this issue.
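
The workaround in the advisory can be checked on a host with a short script. This is an added example, not part of the Zabbix advisory or Zabbix code: it reports the owner and mode of the directory and flags group or world write access, and it also covers the case where the directory does not exist but could be created by a non-owner. The function names, output format and exit codes are this example's own.

```shell
#!/bin/sh
# Added example (not Zabbix code): audit write access to the directory named
# in the advisory. Parses `ls -ld` so it does not depend on stat(1).
# Checks mode bits only; ACLs are not inspected.
# Usage: sh audit_dir.sh /home/cecuser

# Print PATH itself, or its closest ancestor that exists.
nearest_existing() {
    p=$1
    while [ ! -e "$p" ] && [ "$p" != "/" ] && [ "$p" != "." ]; do
        p=$(dirname "$p")
    done
    printf '%s\n' "$p"
}

# Returns 0 = no group/world write bit on the path (or its nearest ancestor)
#         1 = directory exists and is group- or world-writable
#         2 = directory is missing and a non-owner could create it
audit_dir() {
    target=$1
    real=$(nearest_existing "$target")
    info=$(ls -ld "$real" | awk '{print $1, $3, $4}')
    mode=${info%% *}; rest=${info#* }
    owner=${rest%% *}; group=${rest#* }
    # Mode string layout: d rwx rwx rwx -> column 6 = group w, column 9 = other w
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    loose=0
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then loose=1; fi

    if [ "$real" != "$target" ]; then
        echo "MISSING $target (nearest existing: $real $mode $owner:$group)"
        if [ "$loose" -eq 1 ]; then return 2; fi
        return 0
    fi
    if [ "$loose" -eq 1 ]; then
        echo "REVIEW  $target $mode $owner:$group (group/world write bit set)"
        return 1
    fi
    echo "OK      $target $mode $owner:$group"
    return 0
}

if [ "$#" -gt 0 ]; then audit_dir "$1"; fi
```

An `OK` result still prints the owner and group so they can be compared against the accounts considered trusted on that host.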