Search criteria
333 vulnerabilities found for zabbix by zabbix
CVE-2025-49643 (GCVE-0-2025-49643)
Vulnerability from cvelistv5 – Published: 2025-12-01 13:05 – Updated: 2025-12-01 14:34
VLAI?
Summary
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.
Severity ?
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Assigner
References
Impacted products
Credits
Zabbix wants to thank Pamparau Sebastian (sebiee) for submitting this report on the HackerOne bug bounty platform.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T14:33:57.352604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:34:20.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.42",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.41",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.19",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.18",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.13",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated user sending crafted HTTP requests to Zabbix Frontend.\u003c/p\u003e"
}
],
"value": "An authenticated user sending crafted HTTP requests to Zabbix Frontend."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Pamparau Sebastian (sebiee) for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.\u003c/p\u003e"
}
],
"value": "An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service."
}
],
"impacts": [
{
"capecId": "CAPEC-490",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-490: Amplification"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T13:05:33.613Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27284"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Frontend DoS vulnerability due to asymmetric resource consumption",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-49643",
"datePublished": "2025-12-01T13:05:33.613Z",
"dateReserved": "2025-06-09T12:23:32.445Z",
"dateUpdated": "2025-12-01T14:34:20.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49642 (GCVE-0-2025-49642)
Vulnerability from cvelistv5 – Published: 2025-12-01 13:03 – Updated: 2025-12-01 14:36
VLAI?
Summary
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.
Severity ?
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
Impacted products
Credits
Zabbix wants to thank José Pina Coelho for finding and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T14:36:06.559257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:36:26.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Agent"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.40",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.36",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.6",
"status": "unaffected"
}
],
"lessThan": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eExploitation requires access to a local user account with write permissions to /home/cecuser.\u003c/p\u003e"
}
],
"value": "Exploitation requires access to a local user account with write permissions to /home/cecuser."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Jos\u00e9 Pina Coelho for finding and reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eLibrary loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.\u003c/p\u003e"
}
],
"value": "Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory."
}
],
"impacts": [
{
"capecId": "CAPEC-159",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-159: Redirect Access to Libraries"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T13:03:38.752Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27283"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate AIX Zabbix Agent packages to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update AIX Zabbix Agent packages to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Agent builds for AIX vulnerable to library loading hijacking",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMake sure /home/cecuser directory is only accessible to trusted users.\u003c/p\u003e"
}
],
"value": "Make sure /home/cecuser directory is only accessible to trusted users."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-49642",
"datePublished": "2025-12-01T13:03:38.752Z",
"dateReserved": "2025-06-09T12:23:32.445Z",
"dateUpdated": "2025-12-01T14:36:26.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-27232 (GCVE-0-2025-27232)
Vulnerability from cvelistv5 – Published: 2025-12-01 12:55 – Updated: 2025-12-01 14:38
VLAI?
Summary
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Credits
Zabbix wants to thank o4ncL1 for submitting this report on the HackerOne bug bounty platform.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T14:38:44.799482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:38:51.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "7.4.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated Super Admin sending crafted HTTP requests to Zabbix Frontend.\u003c/p\u003e"
}
],
"value": "An authenticated Super Admin sending crafted HTTP requests to Zabbix Frontend."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank o4ncL1 for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.\u003c/p\u003e"
}
],
"value": "An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664: Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T12:55:51.722Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27282"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Frontend arbitrary file read in oauth.authorize action",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27232",
"datePublished": "2025-12-01T12:55:51.722Z",
"dateReserved": "2025-02-20T11:40:38.479Z",
"dateUpdated": "2025-12-01T14:38:51.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49641 (GCVE-0-2025-49641)
Vulnerability from cvelistv5 – Published: 2025-10-03 11:29 – Updated: 2025-10-03 13:52
VLAI?
Summary
A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Credits
Zabbix wants to thank Y. Kahveci for finding and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T13:51:55.338553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T13:52:02.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.41",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.40",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.17",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe action problem.view.refresh could be called by a user with insufficient privileges.\u003c/p\u003e"
}
],
"value": "The action problem.view.refresh could be called by a user with insufficient privileges."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Y. Kahveci for finding and reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA regular Zabbix user with no permission to the Monitoring -\u0026gt; Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems.\u003c/p\u003e"
}
],
"value": "A regular Zabbix user with no permission to the Monitoring -\u003e Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122: Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T11:29:26.451Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27063"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insufficient permission check for the problem.view.refresh action",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-49641",
"datePublished": "2025-10-03T11:29:26.451Z",
"dateReserved": "2025-06-09T12:23:32.445Z",
"dateUpdated": "2025-10-03T13:52:02.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27237 (GCVE-0-2025-27237)
Vulnerability from cvelistv5 – Published: 2025-10-03 11:28 – Updated: 2025-10-04 03:55
VLAI?
Summary
In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.
Severity ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
Credits
Zabbix wants to thank himbeer for submitting this report on the HackerOne bug bounty platform.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-04T03:55:24.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Agent",
"Agent2"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.41",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.40",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.17",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA local Windows user with Zabbix Agent installed could modify the OpenSSL configuration file, but this file is only loaded after Zabbix Agent or the system restarts.\u003c/p\u003e"
}
],
"value": "A local Windows user with Zabbix Agent installed could modify the OpenSSL configuration file, but this file is only loaded after Zabbix Agent or the system restarts."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank himbeer for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.\u003c/p\u003e"
}
],
"value": "In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL."
}
],
"impacts": [
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471: Search Order Hijacking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T11:28:43.076Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27061"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DLL injection in Zabbix Agent and Agent 2 via OpenSSL configuration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27237",
"datePublished": "2025-10-03T11:28:43.076Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-10-04T03:55:24.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27236 (GCVE-0-2025-27236)
Vulnerability from cvelistv5 – Published: 2025-10-03 11:28 – Updated: 2025-10-03 13:52
VLAI?
Summary
A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Credits
Zabbix wants to thank yannapostrophe and exod for submitting this report on the HackerOne bug bounty platform.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27236",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T13:52:30.190057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T13:52:36.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.41",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.40",
"status": "affected",
"version": "6.0.38",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.16",
"status": "affected",
"version": "7.0.9",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.11",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.10",
"status": "affected",
"version": "7.2.3",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.1",
"status": "unaffected"
}
],
"lessThan": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated, regular Zabbix user could data-mine some field values on other users in their group.\u003c/p\u003e"
}
],
"value": "An authenticated, regular Zabbix user could data-mine some field values on other users in their group."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank yannapostrophe and exod for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to.\u003c/p\u003e"
}
],
"value": "A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to."
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116: Excavation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T11:28:09.810Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27060"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "User information disclosure via api_jsonrpc.php on method user.get with param search",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27236",
"datePublished": "2025-10-03T11:28:09.810Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-10-03T13:52:36.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27231 (GCVE-0-2025-27231)
Vulnerability from cvelistv5 – Published: 2025-10-03 11:25 – Updated: 2025-10-03 13:55
VLAI?
Summary
The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change.
Severity ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
Credits
Zabbix wants to thank Vladislav Volozhenko for finding and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T13:55:44.792764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T13:55:51.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.41",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.40",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.17",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA Zabbix Super Admin can set LDAP \u0027Host\u0027 to a rogue LDAP server to leak the \u0027Bind password\u0027 value.\u003c/p\u003e"
}
],
"value": "A Zabbix Super Admin can set LDAP \u0027Host\u0027 to a rogue LDAP server to leak the \u0027Bind password\u0027 value."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Vladislav Volozhenko for finding and reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe LDAP \u0027Bind password\u0027 value cannot be read after saving, but a Super Admin account can leak it by changing LDAP \u0027Host\u0027 to a rogue LDAP server. To mitigate this, the \u0027Bind password\u0027 value is now reset on \u0027Host\u0027 change.\u003c/p\u003e"
}
],
"value": "The LDAP \u0027Bind password\u0027 value cannot be read after saving, but a Super Admin account can leak it by changing LDAP \u0027Host\u0027 to a rogue LDAP server. To mitigate this, the \u0027Bind password\u0027 value is now reset on \u0027Host\u0027 change."
}
],
"impacts": [
{
"capecId": "CAPEC-194",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-194: Fake the Source of Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T11:25:14.205Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27062"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LDAP \u0027Bind password\u0027 field value can be leaked by a Zabbix Super Admin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27231",
"datePublished": "2025-10-03T11:25:14.205Z",
"dateReserved": "2025-02-20T11:40:38.479Z",
"dateUpdated": "2025-10-03T13:55:51.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27240 (GCVE-0-2025-27240)
Vulnerability from cvelistv5 – Published: 2025-09-12 10:33 – Updated: 2025-09-15 12:49
VLAI?
Summary
A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
Credits
Zabbix wants to thank Grzegorz Muszyński (szerszen199) for submitting this report on the HackerOne bug bounty platform.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-13T03:55:33.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Server"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.34",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.33",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "6.4.19",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.4.18",
"status": "affected",
"version": "6.4.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe attacker needs to be a Zabbix administrator and also needs access to a host that is later auto-removed.\u003c/p\u003e"
}
],
"value": "The attacker needs to be a Zabbix administrator and also needs access to a host that is later auto-removed."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Grzegorz Muszy\u0144ski (szerszen199) for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the \u0027Visible name\u0027 field.\u003c/p\u003e"
}
],
"value": "A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the \u0027Visible name\u0027 field."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66: SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T12:49:03.144Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-26986"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Secondary-order SQL injection in Zabbix Server when deleting an autoregistered host",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDisable any Autoregistration actions that remove hosts.\u003c/p\u003e"
}
],
"value": "Disable any Autoregistration actions that remove hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27240",
"datePublished": "2025-09-12T10:33:46.484Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-09-15T12:49:03.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27238 (GCVE-0-2025-27238)
Vulnerability from cvelistv5 – Published: 2025-09-12 10:33 – Updated: 2025-09-15 18:48
VLAI?
Summary
Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them.
Severity ?
CWE
- :
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T11:54:14.863048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T18:48:19.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"API"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "7.0.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker could retrieve a list of all host prototypes from API if they have access to a low privilege user account with no user roles assigned.\u003c/p\u003e"
}
],
"value": "An attacker could retrieve a list of all host prototypes from API if they have access to a low privilege user account with no user roles assigned."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them.\u003c/p\u003e"
}
],
"value": "Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": ":"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": ":",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T10:33:17.753Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-26988"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "API hostprototype.get lists data to users with insufficient authorization.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMake sure there are no Zabbix users without a user group.\u003c/p\u003e"
}
],
"value": "Make sure there are no Zabbix users without a user group."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27238",
"datePublished": "2025-09-12T10:33:17.753Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-09-15T18:48:19.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27233 (GCVE-0-2025-27233)
Vulnerability from cvelistv5 – Published: 2025-09-12 10:32 – Updated: 2025-09-12 11:58
VLAI?
Summary
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
Credits
Zabbix wants to thank kelsier for submitting this report on the HackerOne bug bounty platform.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27233",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T11:57:58.701448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T11:58:28.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Agent2 plugin"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.40",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.39",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.11",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker could request Agent 2 to monitor a metric with malicious arguments in the smart.disk.get metric.\u003c/p\u003e"
}
],
"value": "An attacker could request Agent 2 to monitor a metric with malicious arguments in the smart.disk.get metric."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank kelsier for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eZabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system.\u003c/p\u003e"
}
],
"value": "Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T10:32:36.174Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-26987"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Zabbix Agent 2 smartctl plugin argument injection in Zabbix 6.0 and later.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemove smartctl or use strict item key parameter validation with AllowKey/DenyKey.\u003c/p\u003e"
}
],
"value": "Remove smartctl or use strict item key parameter validation with AllowKey/DenyKey."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27233",
"datePublished": "2025-09-12T10:32:36.174Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-09-12T11:58:28.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49643 (GCVE-0-2025-49643)
Vulnerability from nvd – Published: 2025-12-01 13:05 – Updated: 2025-12-01 14:34
VLAI?
Summary
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.
Severity ?
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Assigner
References
Impacted products
Credits
Zabbix wants to thank Pamparau Sebastian (sebiee) for submitting this report on the HackerOne bug bounty platform.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T14:33:57.352604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:34:20.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.42",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.41",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.19",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.18",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.13",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.12",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated user sending crafted HTTP requests to Zabbix Frontend.\u003c/p\u003e"
}
],
"value": "An authenticated user sending crafted HTTP requests to Zabbix Frontend."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Pamparau Sebastian (sebiee) for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.\u003c/p\u003e"
}
],
"value": "An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service."
}
],
"impacts": [
{
"capecId": "CAPEC-490",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-490: Amplification"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T13:05:33.613Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27284"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Frontend DoS vulnerability due to asymmetric resource consumption",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-49643",
"datePublished": "2025-12-01T13:05:33.613Z",
"dateReserved": "2025-06-09T12:23:32.445Z",
"dateUpdated": "2025-12-01T14:34:20.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49642 (GCVE-0-2025-49642)
Vulnerability from nvd – Published: 2025-12-01 13:03 – Updated: 2025-12-01 14:36
VLAI?
Summary
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.
Severity ?
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
Impacted products
Credits
Zabbix wants to thank José Pina Coelho for finding and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T14:36:06.559257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:36:26.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Agent"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.40",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.36",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.6",
"status": "unaffected"
}
],
"lessThan": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eExploitation requires access to a local user account with write permissions to /home/cecuser.\u003c/p\u003e"
}
],
"value": "Exploitation requires access to a local user account with write permissions to /home/cecuser."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Jos\u00e9 Pina Coelho for finding and reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eLibrary loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.\u003c/p\u003e"
}
],
"value": "Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory."
}
],
"impacts": [
{
"capecId": "CAPEC-159",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-159: Redirect Access to Libraries"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T13:03:38.752Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27283"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate AIX Zabbix Agent packages to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update AIX Zabbix Agent packages to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Agent builds for AIX vulnerable to library loading hijacking",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMake sure /home/cecuser directory is only accessible to trusted users.\u003c/p\u003e"
}
],
"value": "Make sure /home/cecuser directory is only accessible to trusted users."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-49642",
"datePublished": "2025-12-01T13:03:38.752Z",
"dateReserved": "2025-06-09T12:23:32.445Z",
"dateUpdated": "2025-12-01T14:36:26.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-27232 (GCVE-0-2025-27232)
Vulnerability from nvd – Published: 2025-12-01 12:55 – Updated: 2025-12-01 14:38
VLAI?
Summary
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Credits
Zabbix wants to thank o4ncL1 for submitting this report on the HackerOne bug bounty platform.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T14:38:44.799482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:38:51.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "7.4.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated Super Admin sending crafted HTTP requests to Zabbix Frontend.\u003c/p\u003e"
}
],
"value": "An authenticated Super Admin sending crafted HTTP requests to Zabbix Frontend."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank o4ncL1 for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.\u003c/p\u003e"
}
],
"value": "An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664: Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T12:55:51.722Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27282"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Frontend arbitrary file read in oauth.authorize action",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27232",
"datePublished": "2025-12-01T12:55:51.722Z",
"dateReserved": "2025-02-20T11:40:38.479Z",
"dateUpdated": "2025-12-01T14:38:51.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49641 (GCVE-0-2025-49641)
Vulnerability from nvd – Published: 2025-10-03 11:29 – Updated: 2025-10-03 13:52
VLAI?
Summary
A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Credits
Zabbix wants to thank Y. Kahveci for finding and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T13:51:55.338553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T13:52:02.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.41",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.40",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.17",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe action problem.view.refresh could be called by a user with insufficient privileges.\u003c/p\u003e"
}
],
"value": "The action problem.view.refresh could be called by a user with insufficient privileges."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Y. Kahveci for finding and reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA regular Zabbix user with no permission to the Monitoring -\u0026gt; Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems.\u003c/p\u003e"
}
],
"value": "A regular Zabbix user with no permission to the Monitoring -\u003e Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122: Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T11:29:26.451Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27063"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insufficient permission check for the problem.view.refresh action",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-49641",
"datePublished": "2025-10-03T11:29:26.451Z",
"dateReserved": "2025-06-09T12:23:32.445Z",
"dateUpdated": "2025-10-03T13:52:02.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27237 (GCVE-0-2025-27237)
Vulnerability from nvd – Published: 2025-10-03 11:28 – Updated: 2025-10-04 03:55
VLAI?
Summary
In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.
Severity ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
Credits
Zabbix wants to thank himbeer for submitting this report on the HackerOne bug bounty platform.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-04T03:55:24.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Agent",
"Agent2"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.41",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.40",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.17",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA local Windows user with Zabbix Agent installed could modify the OpenSSL configuration file, but this file is only loaded after Zabbix Agent or the system restarts.\u003c/p\u003e"
}
],
"value": "A local Windows user with Zabbix Agent installed could modify the OpenSSL configuration file, but this file is only loaded after Zabbix Agent or the system restarts."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank himbeer for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.\u003c/p\u003e"
}
],
"value": "In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL."
}
],
"impacts": [
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471: Search Order Hijacking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T11:28:43.076Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27061"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DLL injection in Zabbix Agent and Agent 2 via OpenSSL configuration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27237",
"datePublished": "2025-10-03T11:28:43.076Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-10-04T03:55:24.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27236 (GCVE-0-2025-27236)
Vulnerability from nvd – Published: 2025-10-03 11:28 – Updated: 2025-10-03 13:52
VLAI?
Summary
A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Credits
Zabbix wants to thank yannapostrophe and exod for submitting this report on the HackerOne bug bounty platform.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27236",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T13:52:30.190057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T13:52:36.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.41",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.40",
"status": "affected",
"version": "6.0.38",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.16",
"status": "affected",
"version": "7.0.9",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.11",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.10",
"status": "affected",
"version": "7.2.3",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.1",
"status": "unaffected"
}
],
"lessThan": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated, regular Zabbix user could data-mine some field values on other users in their group.\u003c/p\u003e"
}
],
"value": "An authenticated, regular Zabbix user could data-mine some field values on other users in their group."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank yannapostrophe and exod for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to.\u003c/p\u003e"
}
],
"value": "A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to."
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116: Excavation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T11:28:09.810Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27060"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "User information disclosure via api_jsonrpc.php on method user.get with param search",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27236",
"datePublished": "2025-10-03T11:28:09.810Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-10-03T13:52:36.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27231 (GCVE-0-2025-27231)
Vulnerability from nvd – Published: 2025-10-03 11:25 – Updated: 2025-10-03 13:55
VLAI?
Summary
The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change.
Severity ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
Credits
Zabbix wants to thank Vladislav Volozhenko for finding and reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T13:55:44.792764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T13:55:51.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Frontend"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.41",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.40",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.18",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.17",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.12",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.4.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA Zabbix Super Admin can set LDAP \u0027Host\u0027 to a rogue LDAP server to leak the \u0027Bind password\u0027 value.\u003c/p\u003e"
}
],
"value": "A Zabbix Super Admin can set LDAP \u0027Host\u0027 to a rogue LDAP server to leak the \u0027Bind password\u0027 value."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Vladislav Volozhenko for finding and reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe LDAP \u0027Bind password\u0027 value cannot be read after saving, but a Super Admin account can leak it by changing LDAP \u0027Host\u0027 to a rogue LDAP server. To mitigate this, the \u0027Bind password\u0027 value is now reset on \u0027Host\u0027 change.\u003c/p\u003e"
}
],
"value": "The LDAP \u0027Bind password\u0027 value cannot be read after saving, but a Super Admin account can leak it by changing LDAP \u0027Host\u0027 to a rogue LDAP server. To mitigate this, the \u0027Bind password\u0027 value is now reset on \u0027Host\u0027 change."
}
],
"impacts": [
{
"capecId": "CAPEC-194",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-194: Fake the Source of Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T11:25:14.205Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-27062"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "LDAP \u0027Bind password\u0027 field value can be leaked by a Zabbix Super Admin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27231",
"datePublished": "2025-10-03T11:25:14.205Z",
"dateReserved": "2025-02-20T11:40:38.479Z",
"dateUpdated": "2025-10-03T13:55:51.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27240 (GCVE-0-2025-27240)
Vulnerability from nvd – Published: 2025-09-12 10:33 – Updated: 2025-09-15 12:49
VLAI?
Summary
A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
Credits
Zabbix wants to thank Grzegorz Muszyński (szerszen199) for submitting this report on the HackerOne bug bounty platform.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-13T03:55:33.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Server"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "6.0.34",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.0.33",
"status": "affected",
"version": "6.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "6.4.19",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.4.18",
"status": "affected",
"version": "6.4.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.0.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe attacker needs to be a Zabbix administrator and also needs access to a host that is later auto-removed.\u003c/p\u003e"
}
],
"value": "The attacker needs to be a Zabbix administrator and also needs access to a host that is later auto-removed."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zabbix wants to thank Grzegorz Muszy\u0144ski (szerszen199) for submitting this report on the HackerOne bug bounty platform."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the \u0027Visible name\u0027 field.\u003c/p\u003e"
}
],
"value": "A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the \u0027Visible name\u0027 field."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66: SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T12:49:03.144Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-26986"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Secondary-order SQL injection in Zabbix Server when deleting an autoregistered host",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDisable any Autoregistration actions that remove hosts.\u003c/p\u003e"
}
],
"value": "Disable any Autoregistration actions that remove hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27240",
"datePublished": "2025-09-12T10:33:46.484Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-09-15T12:49:03.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27238 (GCVE-0-2025-27238)
Vulnerability from nvd – Published: 2025-09-12 10:33 – Updated: 2025-09-15 18:48
VLAI?
Summary
Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them.
Severity ?
CWE
- :
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T11:54:14.863048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T18:48:19.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"API"
],
"product": "Zabbix",
"repo": "https://git.zabbix.com/",
"vendor": "Zabbix",
"versions": [
{
"changes": [
{
"at": "7.0.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "git"
},
{
"changes": [
{
"at": "7.2.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker could retrieve a list of all host prototypes from API if they have access to a low privilege user account with no user roles assigned.\u003c/p\u003e"
}
],
"value": "An attacker could retrieve a list of all host prototypes from API if they have access to a low privilege user account with no user roles assigned."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them.\u003c/p\u003e"
}
],
"value": "Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": ":"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": ":",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T10:33:17.753Z",
"orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"shortName": "Zabbix"
},
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-26988"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate the affected components to their respective fixed versions.\u003c/p\u003e"
}
],
"value": "Update the affected components to their respective fixed versions."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "API hostprototype.get lists data to users with insufficient authorization.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMake sure there are no Zabbix users without a user group.\u003c/p\u003e"
}
],
"value": "Make sure there are no Zabbix users without a user group."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
"assignerShortName": "Zabbix",
"cveId": "CVE-2025-27238",
"datePublished": "2025-09-12T10:33:17.753Z",
"dateReserved": "2025-02-20T11:40:38.480Z",
"dateUpdated": "2025-09-15T18:48:19.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2025-AVI-1055
Vulnerability from certfr_avis - Published: 2025-12-01 - Updated: 2025-12-01
De multiples vulnérabilités ont été découvertes dans Zabbix. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Zabbix | Agent | Agent versions 7.0.x antérieures à 7.0.6 pour AIX | ||
| Zabbix | Zabbix | Zabbix versions 6.x antérieures à 6.0.42 | ||
| Zabbix | Agent | Agent versions 7.2.x antérieures à 7.2.6 pour AIX | ||
| Zabbix | Zabbix | Zabbix versions 7.2.x antérieures à 7.2.13 | ||
| Zabbix | Agent | Agent versions 6.x antérieures à 6.0.40 pour AIX | ||
| Zabbix | Zabbix | Zabbix versions 7.4.x antérieures à 7.4.3 | ||
| Zabbix | Zabbix | Zabbix versions 7.0.x antérieures à 7.0.19 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Agent versions 7.0.x ant\u00e9rieures \u00e0 7.0.6 pour AIX",
"product": {
"name": "Agent",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 6.x ant\u00e9rieures \u00e0 6.0.42",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Agent versions 7.2.x ant\u00e9rieures \u00e0 7.2.6 pour AIX",
"product": {
"name": "Agent",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.2.x ant\u00e9rieures \u00e0 7.2.13",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Agent versions 6.x ant\u00e9rieures \u00e0 6.0.40 pour AIX",
"product": {
"name": "Agent",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.0.x ant\u00e9rieures \u00e0 7.0.19",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-49642",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49642"
},
{
"name": "CVE-2025-49643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49643"
},
{
"name": "CVE-2025-27232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27232"
}
],
"initial_release_date": "2025-12-01T00:00:00",
"last_revision_date": "2025-12-01T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1055",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zabbix. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Zabbix",
"vendor_advisories": [
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-27282",
"url": "https://support.zabbix.com/browse/ZBX-27282"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-27284",
"url": "https://support.zabbix.com/browse/ZBX-27284"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-27283",
"url": "https://support.zabbix.com/browse/ZBX-27283"
}
]
}
CERTFR-2025-AVI-0845
Vulnerability from certfr_avis - Published: 2025-10-06 - Updated: 2025-10-06
De multiples vulnérabilités ont été découvertes dans Zabbix. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Zabbix versions 6.0.x ant\u00e9rieures \u00e0 6.0.41",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.0.x ant\u00e9rieures \u00e0 7.0.18",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-27231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27231"
},
{
"name": "CVE-2025-49641",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49641"
}
],
"initial_release_date": "2025-10-06T00:00:00",
"last_revision_date": "2025-10-06T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0845",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zabbix. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Zabbix",
"vendor_advisories": [
{
"published_at": "2025-10-03",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-27063",
"url": "https://support.zabbix.com/browse/ZBX-27063"
},
{
"published_at": "2025-10-03",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-27062",
"url": "https://support.zabbix.com/browse/ZBX-27062"
}
]
}
CERTFR-2025-AVI-0840
Vulnerability from certfr_avis - Published: 2025-10-03 - Updated: 2025-10-03
De multiples vulnérabilités ont été découvertes dans Zabbix. Elles permettent à un attaquant de provoquer une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Zabbix | Zabbix | Zabbix versions 6.0.x antérieures à 6.0.41 | ||
| Zabbix | N/A | Zabbix Agent versions 7.2.x antérieures à 7.2.12 | ||
| Zabbix | Zabbix | Zabbix versions 7.0.x antérieures à 7.0.17 | ||
| Zabbix | Zabbix | Zabbix versions 7.2.x antérieures à 7.2.11 | ||
| Zabbix | N/A | Zabbix Agent versions 6.0.x antérieures à 6.0.41 | ||
| Zabbix | N/A | Zabbix Agent versions 7.0.x antérieures à 7.0.18 | ||
| Zabbix | N/A | Zabbix Agent versions 7.4.x antérieures à 7.4.2 | ||
| Zabbix | Zabbix | Zabbix versions 7.4.x antérieures à 7.4.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Zabbix versions 6.0.x ant\u00e9rieures \u00e0 6.0.41",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix Agent versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.0.x ant\u00e9rieures \u00e0 7.0.17",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix Agent versions 6.0.x ant\u00e9rieures \u00e0 6.0.41",
"product": {
"name": "N/A",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix Agent versions 7.0.x ant\u00e9rieures \u00e0 7.0.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix Agent versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
},
{
"description": "Zabbix versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "Zabbix",
"vendor": {
"name": "Zabbix",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-27236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27236"
},
{
"name": "CVE-2025-27237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27237"
}
],
"initial_release_date": "2025-10-03T00:00:00",
"last_revision_date": "2025-10-03T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0840",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Zabbix. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Zabbix",
"vendor_advisories": [
{
"published_at": "2025-10-03",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-27060",
"url": "https://support.zabbix.com/browse/ZBX-27060"
},
{
"published_at": "2025-10-03",
"title": "Bulletin de s\u00e9curit\u00e9 Zabbix ZBX-27061",
"url": "https://support.zabbix.com/browse/ZBX-27061"
}
]
}
FKIE_CVE-2025-49641
Vulnerability from fkie_nvd - Published: 2025-10-03 12:15 - Updated: 2025-10-08 14:55
Severity ?
Summary
A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems.
References
| URL | Tags | ||
|---|---|---|---|
| security@zabbix.com | https://support.zabbix.com/browse/ZBX-27063 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB51CE02-E39D-402B-A2A4-ABDC678D44F6",
"versionEndExcluding": "6.0.41",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4CE82D-66AF-4C88-925B-1B5CF1D0F174",
"versionEndExcluding": "7.0.18",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "919D7232-739F-44E7-A491-FB4BFEC8D294",
"versionEndExcluding": "7.2.12",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02FECC41-6BFA-43DB-8BC0-0317085195AC",
"versionEndExcluding": "7.4.2",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A regular Zabbix user with no permission to the Monitoring -\u003e Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems."
}
],
"id": "CVE-2025-49641",
"lastModified": "2025-10-08T14:55:00.363",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@zabbix.com",
"type": "Secondary"
}
]
},
"published": "2025-10-03T12:15:44.380",
"references": [
{
"source": "security@zabbix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zabbix.com/browse/ZBX-27063"
}
],
"sourceIdentifier": "security@zabbix.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security@zabbix.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-27231
Vulnerability from fkie_nvd - Published: 2025-10-03 12:15 - Updated: 2025-10-08 14:54
Severity ?
Summary
The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change.
References
| URL | Tags | ||
|---|---|---|---|
| security@zabbix.com | https://support.zabbix.com/browse/ZBX-27062 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB51CE02-E39D-402B-A2A4-ABDC678D44F6",
"versionEndExcluding": "6.0.41",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4CE82D-66AF-4C88-925B-1B5CF1D0F174",
"versionEndExcluding": "7.0.18",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "919D7232-739F-44E7-A491-FB4BFEC8D294",
"versionEndExcluding": "7.2.12",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02FECC41-6BFA-43DB-8BC0-0317085195AC",
"versionEndExcluding": "7.4.2",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LDAP \u0027Bind password\u0027 value cannot be read after saving, but a Super Admin account can leak it by changing LDAP \u0027Host\u0027 to a rogue LDAP server. To mitigate this, the \u0027Bind password\u0027 value is now reset on \u0027Host\u0027 change."
}
],
"id": "CVE-2025-27231",
"lastModified": "2025-10-08T14:54:17.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@zabbix.com",
"type": "Secondary"
}
]
},
"published": "2025-10-03T12:15:43.593",
"references": [
{
"source": "security@zabbix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zabbix.com/browse/ZBX-27062"
}
],
"sourceIdentifier": "security@zabbix.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "security@zabbix.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-27236
Vulnerability from fkie_nvd - Published: 2025-10-03 12:15 - Updated: 2025-10-08 14:54
Severity ?
Summary
A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to.
References
| URL | Tags | ||
|---|---|---|---|
| security@zabbix.com | https://support.zabbix.com/browse/ZBX-27060 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C73E57A-771E-49D7-9D49-D46513A76D71",
"versionEndExcluding": "6.0.41",
"versionStartIncluding": "6.0.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A20277F-9A7E-410F-86F0-9E591E1E9089",
"versionEndExcluding": "7.0.17",
"versionStartIncluding": "7.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01B49CD8-1065-4774-BDC7-3BF9644039E6",
"versionEndExcluding": "7.2.11",
"versionStartIncluding": "7.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:7.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "8AC63758-0D3C-47D2-8895-2C973E10BEE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to."
}
],
"id": "CVE-2025-27236",
"lastModified": "2025-10-08T14:54:42.290",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@zabbix.com",
"type": "Secondary"
}
]
},
"published": "2025-10-03T12:15:43.790",
"references": [
{
"source": "security@zabbix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zabbix.com/browse/ZBX-27060"
}
],
"sourceIdentifier": "security@zabbix.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security@zabbix.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-27240
Vulnerability from fkie_nvd - Published: 2025-09-12 11:15 - Updated: 2025-10-08 14:53
Severity ?
Summary
A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field.
References
| URL | Tags | ||
|---|---|---|---|
| security@zabbix.com | https://support.zabbix.com/browse/ZBX-26986 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45CB467C-BC4C-4455-83A5-9FBA0CC7AEA6",
"versionEndExcluding": "6.0.34",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC3DDAA-D910-423D-B07D-5BBFC2584A41",
"versionEndExcluding": "6.4.19",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC284EF6-B253-4383-8278-EB81F7859AEF",
"versionEndExcluding": "7.0.4",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the \u0027Visible name\u0027 field."
}
],
"id": "CVE-2025-27240",
"lastModified": "2025-10-08T14:53:38.077",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@zabbix.com",
"type": "Secondary"
}
]
},
"published": "2025-09-12T11:15:31.633",
"references": [
{
"source": "security@zabbix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zabbix.com/browse/ZBX-26986"
}
],
"sourceIdentifier": "security@zabbix.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security@zabbix.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-27238
Vulnerability from fkie_nvd - Published: 2025-09-12 11:15 - Updated: 2025-10-08 14:53
Severity ?
Summary
Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them.
References
| URL | Tags | ||
|---|---|---|---|
| security@zabbix.com | https://support.zabbix.com/browse/ZBX-26988 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32C0C48D-CFC1-4722-95CA-BA414F190D07",
"versionEndExcluding": "7.0.14",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9594F9-8EE8-424C-A344-293BB85857D0",
"versionEndExcluding": "7.2.8",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them."
}
],
"id": "CVE-2025-27238",
"lastModified": "2025-10-08T14:53:00.293",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@zabbix.com",
"type": "Secondary"
}
]
},
"published": "2025-09-12T11:15:31.517",
"references": [
{
"source": "security@zabbix.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zabbix.com/browse/ZBX-26988"
}
],
"sourceIdentifier": "security@zabbix.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}