Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-49641

A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems.

Published

2025-10-03T12:15:44.380

Last Modified

2025-10-08T14:55:00.363

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	zabbix	zabbix	< 6.0.41	Yes
Application	zabbix	zabbix	< 7.0.18	Yes
Application	zabbix	zabbix	< 7.2.12	Yes
Application	zabbix	zabbix	< 7.4.2	Yes

References

https://support.zabbix.com/browse/ZBX-27063 Vendor Advisory ([email protected])