CVE-2025-27236

Source
https://cve.org/CVERecord?id=CVE-2025-27236
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27236.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-27236
Published
2025-10-03T12:15:43.790Z
Modified
2026-04-12T14:03:50.263396Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

A regular Zabbix user can search other users in their user group via the Zabbix API by select fields that the user does not have access to view. This allows data-mining of some field values the user does not have access to.

Affected packages

Git / github.com/zabbix/zabbix

Affected ranges

Type
GIT
Repo
https://github.com/zabbix/zabbix
Events
Database specific
{
    "versions": [
        {
            "introduced": "6.0.38"
        },
        {
            "fixed": "6.0.41"
        },
        {
            "introduced": "7.0.9"
        },
        {
            "fixed": "7.0.17"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.4.0-NA"
        }
    ]
}

Affected versions

6.*
6.0.0
6.0.0alpha1
6.0.0alpha2
6.0.0alpha3
6.0.0alpha4
6.0.0alpha5
6.0.0alpha6
6.0.0alpha7
6.0.0beta1
6.0.0beta2
6.0.0beta3
6.0.0rc1
6.0.0rc2
6.0.38
6.0.39
6.0.39rc1
6.0.40
6.0.40rc1
6.0.41rc1
7.*
7.0.0alpha1
7.0.0alpha2
7.0.0alpha3
7.0.0alpha4
7.0.0alpha6
7.0.0alpha7
7.0.0alpha8
7.0.0alpha9
7.0.0beta1
7.0.0beta2
7.0.0beta3
7.0.0rc1
7.0.0rc2
7.0.0rc3
7.0.10
7.0.10rc1
7.0.11
7.0.11rc1
7.0.11rc2
7.0.12
7.0.12rc1
7.0.13
7.0.13rc1
7.0.14
7.0.14rc1
7.0.15
7.0.16
7.0.17rc1
7.0.17rc2
7.0.9
7.4.0
7.4.0alpha1
7.4.0beta1
7.4.0beta2
7.4.0rc1
7.4.0rc2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27236.json"
vanir_signatures
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "44441353669210332823317085755038907956",
                "169285932251912785765675146248437909117",
                "137337491985109912833586754515826829731",
                "191834445266419394386157115469345650418",
                "99701745528081624942106965294441656089",
                "67657961848053022655897260774339542440"
            ]
        },
        "id": "CVE-2025-27236-0435a7ee",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/zabbix/zabbix/commit/77c670937ef80b42b962004f5528223a505951ce",
        "target": {
            "file": "src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "312614962226865881994625562760193464620",
                "243857299040616033543277099011018562380",
                "115047375198210276379139485775260446152",
                "131652300589887294827463178296045152164",
                "24451493220463986177515936334733341608",
                "22616098638544051939022181165573400285"
            ]
        },
        "id": "CVE-2025-27236-eda0a3f5",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/zabbix/zabbix/commit/40573c111594a4a96aee6c4670e4df252d278bb7",
        "target": {
            "file": "src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java"
        }
    }
]
vanir_signatures_modified
"2026-04-12T14:03:50Z"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "7.2.3"
            },
            {
                "fixed": "7.2.11"
            }
        ]
    }
]