CVE-2025-27238

Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
ZabbixCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Debian logo
Debian Releases
Debian Product
Codename
zabbix
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
vulnerable
forky
vulnerable
sid
vulnerable
trixie
vulnerable
Vulnerability Media Exposure
References
https://support.zabbix.com/browse/ZBX-26988