Information disclosure in Zabbix - CVE-2025-27232
Published: January 22, 2026
Vulnerability identifier: #VU121934
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-27232
CWE-ID: CWE-200
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Zabbix
Affected software:
Zabbix
Zabbix
Detailed vulnerability description
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in oauth.authorize action within the Frontend component. An administrator on the local network can read arbitrary files from the webserver.
How to mitigate CVE-2025-27232
Install updates from vendor's website.