DoS Vulnerability in Zabbix Server by Zabbix
CVE-2024-45700
6 MEDIUM
What is CVE-2024-45700?
The Zabbix Server is susceptible to a Denial of Service vulnerability that arises from uncontrolled resource exhaustion. Malicious actors can exploit this weakness by sending specifically crafted requests to the server. This results in excessive memory allocation and intensive CPU operations for decompression, eventually causing the server to crash and disrupt service continuity.
Affected Version(s)
Zabbix 6.0.0 <= 6.0.38
Zabbix 7.0.0 <= 7.0.9
Zabbix 7.2.0 <= 7.2.3
CVSS V4
Score: 6
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Zabbix wants to thank kelsier for submitting this report on the HackerOne bug bounty platform