{"id":"CVE-2025-27236","details":"A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to.","modified":"2026-04-12T14:03:50.263396Z","published":"2025-10-03T12:15:43.790Z","references":[{"type":"ADVISORY","url":"https://support.zabbix.com/browse/ZBX-27060"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zabbix/zabbix","events":[{"introduced":"9bdb1c8ab4ee57c7f55ca648eab6b6d7df816e70"},{"fixed":"40573c111594a4a96aee6c4670e4df252d278bb7"},{"introduced":"05b8b05eefe2352580b4069745ca76fc5d82892d"},{"fixed":"77c670937ef80b42b962004f5528223a505951ce"},{"introduced":"0"},{"last_affected":"372a4e93c48ecd25aa666949a055a02369031861"}],"database_specific":{"versions":[{"introduced":"6.0.38"},{"fixed":"6.0.41"},{"introduced":"7.0.9"},{"fixed":"7.0.17"},{"introduced":"0"},{"last_affected":"7.4.0-NA"}]}}],"versions":["6.0.0","6.0.0alpha1","6.0.0alpha2","6.0.0alpha3","6.0.0alpha4","6.0.0alpha5","6.0.0alpha6","6.0.0alpha7","6.0.0beta1","6.0.0beta2","6.0.0beta3","6.0.0rc1","6.0.0rc2","6.0.38","6.0.39","6.0.39rc1","6.0.40","6.0.40rc1","6.0.41rc1","7.0.0alpha1","7.0.0alpha2","7.0.0alpha3","7.0.0alpha4","7.0.0alpha6","7.0.0alpha7","7.0.0alpha8","7.0.0alpha9","7.0.0beta1","7.0.0beta2","7.0.0beta3","7.0.0rc1","7.0.0rc2","7.0.0rc3","7.0.10","7.0.10rc1","7.0.11","7.0.11rc1","7.0.11rc2","7.0.12","7.0.12rc1","7.0.13","7.0.13rc1","7.0.14","7.0.14rc1","7.0.15","7.0.16","7.0.17rc1","7.0.17rc2","7.0.9","7.4.0","7.4.0alpha1","7.4.0beta1","7.4.0beta2","7.4.0rc1","7.4.0rc2"],"database_specific":{"vanir_signatures_modified":"2026-04-12T14:03:50Z","unresolved_ranges":[{"events":[{"introduced":"7.2.3"},{"fixed":"7.2.11"}]}],"vanir_signatures":[{"deprecated":false,"source":"https://github.com/zabbix/zabbix/commit/77c670937ef80b42b962004f5528223a505951ce","signature_type":"Line","digest":{"line_hashes":["44441353669210332823317085755038907956","169285932251912785765675146248437909117","137337491985109912833586754515826829731","191834445266419394386157115469345650418","99701745528081624942106965294441656089","67657961848053022655897260774339542440"],"threshold":0.9},"id":"CVE-2025-27236-0435a7ee","target":{"file":"src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java"},"signature_version":"v1"},{"deprecated":false,"source":"https://github.com/zabbix/zabbix/commit/40573c111594a4a96aee6c4670e4df252d278bb7","signature_type":"Line","digest":{"line_hashes":["312614962226865881994625562760193464620","243857299040616033543277099011018562380","115047375198210276379139485775260446152","131652300589887294827463178296045152164","24451493220463986177515936334733341608","22616098638544051939022181165573400285"],"threshold":0.9},"id":"CVE-2025-27236-eda0a3f5","target":{"file":"src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java"},"signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27236.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}