CVE-2025-27236

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Zabbix (affected versions not specified)

Description A regular user can search for other users within their user group through the Zabbix API and access fields they are not authorized to view. This enables the extraction of data from fields the user normally lacks access to. The issue involves the ability to query user information via the API, potentially revealing sensitive details.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-200

Related Identifiers

BDU:2025-12725

BDU:2025-12726

BDU:2025-13818

CVE-2025-27236

Affected Products

Debian

Red Os

Zabbix

CVE-2025-27236

Weakness Enumeration

Related Identifiers

Affected Products

References · 25