CVE-2025-27231

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-27231
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-27231.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-27231
Downstream
Published
2025-10-03T12:15:43.593Z
Modified
2025-11-16T15:24:55.834556Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change.

References

Affected packages

Git / github.com/zabbix/zabbix

Affected ranges

Type
GIT
Repo
https://github.com/zabbix/zabbix
Events
Introduced
5203d2ea7d901cd33d148f20586e2155901a7faa
Fixed
40573c111594a4a96aee6c4670e4df252d278bb7

Affected versions

6.*

6.0.0
6.0.1
6.0.10
6.0.10rc1
6.0.10rc2
6.0.11
6.0.11rc1
6.0.11rc2
6.0.12
6.0.12rc1
6.0.12rc2
6.0.13
6.0.13rc1
6.0.14
6.0.14rc1
6.0.14rc2
6.0.15
6.0.15rc1
6.0.15rc2
6.0.16
6.0.16rc1
6.0.17
6.0.17rc1
6.0.17rc2
6.0.18
6.0.18rc1
6.0.19
6.0.19rc1
6.0.1rc1
6.0.1rc2
6.0.1rc3
6.0.1rc4
6.0.2
6.0.20
6.0.20rc1
6.0.21
6.0.21rc1
6.0.22
6.0.22rc1
6.0.23
6.0.23rc1
6.0.25
6.0.25rc1
6.0.26
6.0.26rc1
6.0.27
6.0.27rc1
6.0.28
6.0.28rc1
6.0.29
6.0.29rc1
6.0.2rc1
6.0.3
6.0.30
6.0.30rc1
6.0.31
6.0.31rc1
6.0.32
6.0.32rc1
6.0.33
6.0.33rc1
6.0.34
6.0.34rc1
6.0.34rc2
6.0.35
6.0.35rc1
6.0.36
6.0.36rc1
6.0.37
6.0.37rc1
6.0.38
6.0.38rc1
6.0.39
6.0.39rc1
6.0.3rc1
6.0.4
6.0.40
6.0.40rc1
6.0.41rc1
6.0.4rc1
6.0.5
6.0.5rc1
6.0.6
6.0.6rc1
6.0.7
6.0.7rc1
6.0.8
6.0.8rc1
6.0.8rc2
6.0.9
6.0.9rc1
6.0.9rc2

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "source": "https://github.com/zabbix/zabbix/commit/40573c111594a4a96aee6c4670e4df252d278bb7",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2025-27231-eda0a3f5",
        "target": {
            "file": "src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java"
        },
        "digest": {
            "line_hashes": [
                "312614962226865881994625562760193464620",
                "243857299040616033543277099011018562380",
                "115047375198210276379139485775260446152",
                "131652300589887294827463178296045152164",
                "24451493220463986177515936334733341608",
                "22616098638544051939022181165573400285"
            ],
            "threshold": 0.9
        }
    }
]