CVE-2025-27240

Опубликовано: 12 сент. 2025

Источник: debian

EPSS Низкий

Описание

A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field.

Пакет	Статус	Версия исправления	Релиз	Тип
zabbix	fixed	1:7.0.5+dfsg-1		package

https://support.zabbix.com/browse/ZBX-26986
Internal issue DEV-3902
Fixed by: https://github.com/zabbix/zabbix/commit/f092a5067ad3555bb5aa908952f034b64b1f0718 (6.0.34rc1)
Fixed by: https://github.com/zabbix/zabbix/commit/53562f832665e15033062fb489cdaf18356d9eb1 (7.0.4rc1)
Fixed in 6.0.34, 6.4.19, 7.0.4

EPSS

Процентиль: 21%

0.00068

Низкий

CVE-2025-27240

CVSS3: 7.2

ubuntu

3 месяца назад

A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field.

CVE-2025-27240

CVSS3: 7.2

nvd

3 месяца назад

A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field.

ROS-20250923-23

CVSS3: 8.1

redos

2 месяца назад

Уязвимость zabbix-lts-agent

ROS-20250923-19

CVSS3: 8.1

redos

2 месяца назад

Уязвимость zabbix-agent

ROS-20250923-18

CVSS3: 8.1

redos

2 месяца назад

Уязвимость zabbix7-lts-agent

EPSS

Процентиль: 21%

0.00068

Низкий