VYPR
Unrated severityNVD Advisory· Published Oct 3, 2025· Updated Oct 3, 2025

User information disclosure via api_jsonrpc.php on method user.get with param search

CVE-2025-27236

Description

A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Zabbix/Zabbixllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 6.0.38

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.