Information Exposure in Zabbix API Affects User Data Retrieval
CVE-2024-42325

2.1LOW

Key Information:

Vendor: Zabbix
Status: Zabbix
Vendor: CVE Published:; 2 April 2025

What is CVE-2024-42325?

The Zabbix API contains an information exposure vulnerability that allows the user.get method to return data for all users within the same group as the invoking user. This includes sensitive information such as media details and login attempts, potentially compromising user privacy. Proper access controls and data filtering mechanisms should be implemented to mitigate this risk.

Affected Version(s)

Zabbix 5.0.0 <= 5.0.45

Zabbix 6.0.0 <= 6.0.37

Zabbix 7.0.0 <= 7.0.8

References

https://support.zabbix.com/browse/ZBX-26258

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2025
Vulnerability Reserved
Jul 30, 2024