CVE-2025-27238

Опубликовано: 12 сент. 2025

Источник: debian

EPSS Низкий

Описание

Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them.

Пакеты

Пакет	Статус	Релиз	Тип
zabbix	unfixed		package
zabbix	not-affected	bookworm	package
zabbix	not-affected	bullseye	package

Примечания

https://support.zabbix.com/browse/ZBX-26988
Internal issue DEV-4292
Introduced by: https://github.com/zabbix/zabbix/commit/d4a2ba44e484a2ef0471ae5f839f94aa7357c3b0 (7.0.0beta1)
Fixed by: https://github.com/zabbix/zabbix/commit/2d607ccd0d099757e48bbb9d3abb7571268ed87e (7.0.14rc1)
Fixed by: https://github.com/zabbix/zabbix/commit/de83eeea59ca18e5a435a517570f8e6925f124ec (7.2.8rc1)
Fixed in 7.0.14, 7.2.8

EPSS

Процентиль: 5%

0.00022

Низкий

Связанные уязвимости

CVE-2025-27238

CVSS3: 3.5

ubuntu

4 месяца назад

Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them.

CVE-2025-27238

CVSS3: 3.5

nvd

4 месяца назад

Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them.

GHSA-8m2h-w74v-v385

CVSS3: 3.5

github

4 месяца назад

Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them.

BDU:2025-11597

CVSS3: 3.5

fstec

4 месяца назад

Уязвимость универсальной системы мониторинга Zabbix, связана с неправильной авторизацией, позволяющая нарушителю получить доступ к конфиденциальной информации

ROS-20250923-17

CVSS3: 3.5

redos

4 месяца назад

Уязвимость zabbix7.2-agent

EPSS

Процентиль: 5%

0.00022

Низкий