CVE-2025-49641

Name
CVE-2025-49641
Description
A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://support.zabbix.com/browse/ZBX-27063

Match rules

CPE URI Source package Min version Max version
zabbix >= 6.0.0 <= 6.0.40
zabbix >= 7.0.0 <= 7.0.17
zabbix >= 7.2.0 <= 7.2.11
zabbix >= 7.4.0 <= 7.4.1
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* zabbix >= 6.0.0 < 6.0.41
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* zabbix >= 7.0.0 < 7.0.18
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* zabbix >= 7.2.0 < 7.2.12
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* zabbix >= 7.4.0 < 7.4.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
zabbix edge-community 7.4.1-r1 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
zabbix edge-community 7.0.1-r0 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
zabbix 3.22-community 7.2.11-r2 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
zabbix 3.22-community 7.2.11-r1 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
zabbix 3.22-community 7.0.16-r0 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
zabbix 3.22-community 7.0.12-r0 Kevin Daudt <kdaudt@alpinelinux.org> possibly vulnerable
zabbix 3.22-community 7.0.1-r0 None possibly vulnerable