VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 12, 2025· Updated Feb 26, 2026

Secondary-order SQL injection in Zabbix Server when deleting an autoregistered host

CVE-2025-27240

Description

A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field.

Affected products

2
  • Zabbix/Zabbixllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 6.0.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.