A regular Zabbix user can search for other users in their user group via the Zabbix API by selecting fields that the user does not have access to view. This allows data-mining of some field values the user does not have access to.
{
"versions": [
{
"introduced": "6.0.38"
},
{
"fixed": "6.0.41"
},
{
"introduced": "7.0.9"
},
{
"fixed": "7.0.17"
},
{
"introduced": "0"
},
{
"last_affected": "7.4.0-NA"
}
]
}"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27236.json"
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"44441353669210332823317085755038907956",
"169285932251912785765675146248437909117",
"137337491985109912833586754515826829731",
"191834445266419394386157115469345650418",
"99701745528081624942106965294441656089",
"67657961848053022655897260774339542440"
]
},
"id": "CVE-2025-27236-0435a7ee",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/zabbix/zabbix/commit/77c670937ef80b42b962004f5528223a505951ce",
"target": {
"file": "src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"312614962226865881994625562760193464620",
"243857299040616033543277099011018562380",
"115047375198210276379139485775260446152",
"131652300589887294827463178296045152164",
"24451493220463986177515936334733341608",
"22616098638544051939022181165573400285"
]
},
"id": "CVE-2025-27236-eda0a3f5",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/zabbix/zabbix/commit/40573c111594a4a96aee6c4670e4df252d278bb7",
"target": {
"file": "src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java"
}
}
]
"2026-04-12T14:03:50Z"
[
{
"events": [
{
"introduced": "7.2.3"
},
{
"fixed": "7.2.11"
}
]
}
]