PT-2024-10113 · Zabbix+5

Vjaceslavs Bogdanovs · Published 2024-10-03 · Updated 2025-08-11 · CVE-2024-22117

CVSS v3.1: 2.2 (Low)

Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Zabbix versions prior to 7.0.3

Description

The issue is related to insufficient input validation in the Zabbix universal monitoring system. This can allow a remote attacker to elevate their privileges. When a URL is added to the map element, it is recorded in the database with sequential IDs. However, if a user manually changes the sysmapelementurlid value, it can prevent others from adding URLs to the map element.

Recommendations

For Zabbix versions prior to 7.0.3, upgrade the system to a version that contains the fix for this issue to mitigate the risk. As a temporary workaround, consider restricting access to the sysmapelementurlid value to prevent manual changes. Avoid using the sysmapelementurlid value in a way that could allow an attacker to manipulate it and elevate their privileges.

Fix

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2024-16527
ALT-PU-2024-16638
ALT-PU-2025-3400
BDU:2025-00337
CVE-2024-22117
DLA-3909-1
SUSE-SU-2025:02746-1
SUSE-SU-2025_02746-1

Affected Products

ALT Linux
Astra Linux
Debian
RED OS
SUSE
Zabbix