CVE-2025-27232
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-01
Last updated on: 2026-02-06
Assigner: Zabbix
Description
Description
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zabbix | frontend | From 7.4.0 (inc) to 7.4.3 (inc) |
| zabbix | zabbix | 4.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an authenticated Zabbix Super Admin to exploit the oauth.authorize action to read arbitrary files from the webserver. This means the attacker can access files they should not be able to, potentially exposing sensitive information.
How can this vulnerability impact me? :
The vulnerability can lead to a loss of confidentiality by allowing unauthorized access to arbitrary files on the webserver. This could expose sensitive data, internal configuration files, or other critical information, potentially compromising the security of the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70