Information Exposure in Zabbix API Affects User Data Retrieval
CVE-2024-42325

2.1LOW

Key Information:

Vendor: Zabbix
Status: Zabbix
Vendor: CVE Published:; 2 April 2025

What is CVE-2024-42325?

The Zabbix API contains an information exposure vulnerability that allows the user.get method to return data for all users within the same group as the invoking user. This includes sensitive information such as media details and login attempts, potentially compromising user privacy. Proper access controls and data filtering mechanisms should be implemented to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Zabbix 5.0.0 <= 5.0.45

Zabbix 6.0.0 <= 6.0.37

Zabbix 7.0.0 <= 7.0.8

References

https://support.zabbix.com/browse/ZBX-26258

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Apr 2, 2025
Vulnerability Reserved
Jul 30, 2024

JSON

Zabbix

What is CVE-2024-42325?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.