Information disclosure in Zabbix - CVE-2025-27232

 

Information disclosure in Zabbix - CVE-2025-27232

Published: January 22, 2026


Vulnerability identifier: #VU121934
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-27232
CWE-ID: CWE-200
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Zabbix
Affected software:
Zabbix

Detailed vulnerability description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in oauth.authorize action within the Frontend component. An administrator on the local network can read arbitrary files from the webserver.


How to mitigate CVE-2025-27232

Install updates from vendor's website.

Sources