Unrated severityNVD Advisory· Published Oct 3, 2025· Updated Oct 3, 2025

User information disclosure via api_jsonrpc.php on method user.get with param search

CVE-2025-27236

Description

A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to.

Affected products

Zabbix/Zabbixllm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: 6.0.38

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.zabbix.com/browse/ZBX-27060mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000