Unrated severityNVD Advisory· Published Sep 12, 2025· Updated Sep 15, 2025

API hostprototype.get lists data to users with insufficient authorization.

CVE-2025-27238

Description

Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them.

Zabbix/Zabbixllm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: 7.0.0

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

No linked articles in our index yet.