File Read Vulnerability in Zabbix by Zabbix Company
CVE-2025-27232
6.8 MEDIUM
What is CVE-2025-27232?
An authentication flaw within Zabbix allows a Super Admin to exploit the oauth.authorize action to read arbitrary files from the web server. This can significantly compromise confidentiality, because sensitive information could be accessed by unauthorized users.
Affected Version(s)
Zabbix 7.4.0 <= 7.4.2
CVSS V4
Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Zabbix wants to thank o4ncL1 for submitting this report on the HackerOne bug bounty platform.
