CVE-2025-27236

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-27236
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-27236.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-27236
Downstream
Published
2025-10-03T12:15:43.790Z
Modified
2026-02-24T11:51:08.310309Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to.

References

Affected packages

Git / github.com/zabbix/zabbix

Affected ranges

Type
GIT
Repo
https://github.com/zabbix/zabbix
Events
Introduced
05b8b05eefe2352580b4069745ca76fc5d82892d
Fixed
829f1de6e7574fce12ca16c24f299d62f08e65e2
Introduced
d18251f6afb3179fcd695784839ae47e22fb54e5
Fixed
95bd11695a6b068f0ba4094a2b4158329e52f668

Affected versions

7.*
7.0.10
7.0.10rc1
7.0.11
7.0.11rc1
7.0.11rc2
7.0.12
7.0.12rc1
7.0.13
7.0.13rc1
7.0.14
7.0.14rc1
7.0.15
7.0.16
7.0.17
7.0.17rc1
7.0.17rc2
7.0.18
7.0.18rc1
7.0.18rc2
7.0.19
7.0.19rc1
7.0.20
7.0.20rc1
7.0.21
7.0.22
7.0.22rc1
7.0.22rc2
7.0.22rc3
7.0.23
7.0.23rc1
7.0.23rc2
7.0.9

Database specific

vanir_signatures 
[
    {
        "signature_version": "v1",
        "target": {
            "file": "src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "44441353669210332823317085755038907956",
                "169285932251912785765675146248437909117",
                "137337491985109912833586754515826829731",
                "191834445266419394386157115469345650418",
                "99701745528081624942106965294441656089",
                "67657961848053022655897260774339542440"
            ]
        },
        "source": "https://github.com/zabbix/zabbix/commit/829f1de6e7574fce12ca16c24f299d62f08e65e2",
        "signature_type": "Line",
        "id": "CVE-2025-27236-07f3f762",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "312614962226865881994625562760193464620",
                "243857299040616033543277099011018562380",
                "115047375198210276379139485775260446152",
                "131652300589887294827463178296045152164",
                "24451493220463986177515936334733341608",
                "22616098638544051939022181165573400285"
            ]
        },
        "source": "https://github.com/zabbix/zabbix/commit/95bd11695a6b068f0ba4094a2b4158329e52f668",
        "signature_type": "Line",
        "id": "CVE-2025-27236-69436093",
        "deprecated": false
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-27236.json"