Fluid Attacks Database

Description

A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	zabbix	=1:6.0.14+dfsg-1 \|\| =1:6.0.23+dfsg-1 \|\| =1:6.0.23+dfsg-1~bpo12+1 \|\| =1:6.0.24+dfsg-1 \|\| =1:6.0.25+dfsg-1 \|\| =1:6.0.29+dfsg-1 \|\| =1:7.0.0+dfsg-1 \|\| =1:7.0.0+dfsg-2 \|\| =1:7.0.0+dfsg-2~bpo12+1 \|\| =1:7.0.1+dfsg-1 \|\| =1:7.0.1+dfsg-1~bpo12+1 \|\| =1:7.0.10+dfsg-1 \|\| =1:7.0.10+dfsg-2 \|\| =1:7.0.2+dfsg-1 \|\| =1:7.0.2+dfsg-1~bpo12+1 \|\| =1:7.0.22+dfsg-1 \|\| =1:7.0.22+dfsg-1~bpo13+1 \|\| =1:7.0.22+dfsg-1~deb13u1 \|\| =1:7.0.3+dfsg-1 \|\| =1:7.0.5+dfsg-1 \|\| =1:7.0.5+dfsg-1~bpo12+1 \|\| =1:7.0.6+dfsg-1 \|\| =1:7.0.9+dfsg-1 \|\| =1:7.0.9+dfsg-1~bpo12+1	-
debian 11	zabbix	=1:5.0.14+dfsg-1 \|\| =1:5.0.14+dfsg-1~bpo11+1 \|\| =1:5.0.17+dfsg-1 \|\| =1:5.0.17+dfsg-1~bpo11+1 \|\| =1:5.0.44+dfsg-1+deb11u1 \|\| =1:5.0.45+dfsg-1+deb11u1 \|\| =1:5.0.46+dfsg-1+deb11u1 \|\| =1:5.0.47+dfsg-0+deb11u1 \|\| =1:5.0.8+dfsg-1 \|\| =1:6.0.10+dfsg-1 \|\| =1:6.0.13+dfsg-1 \|\| =1:6.0.14+dfsg-1 \|\| =1:6.0.14+dfsg-1~bpo11+1 \|\| =1:6.0.23+dfsg-1 \|\| =1:6.0.23+dfsg-1~bpo12+1 \|\| =1:6.0.24+dfsg-1 \|\| =1:6.0.25+dfsg-1 \|\| =1:6.0.29+dfsg-1 \|\| =1:6.0.3+dfsg-1 \|\| =1:6.0.6+dfsg-1 \|\| =1:6.0.7+dfsg-1 \|\| =1:6.0.7+dfsg-2 \|\| =1:6.0.7+dfsg-2~bpo11+1 \|\| =1:6.0.7+dfsg-3 \|\| =1:6.0.8+dfsg-1 \|\| =1:6.0.9+dfsg-1 \|\| =1:6.0.9+dfsg-1.1 \|\| =1:7.0.0+dfsg-1 \|\| =1:7.0.0+dfsg-2 \|\| =1:7.0.0+dfsg-2~bpo12+1 \|\| =1:7.0.1+dfsg-1 \|\| =1:7.0.1+dfsg-1~bpo12+1 \|\| =1:7.0.10+dfsg-1 \|\| =1:7.0.10+dfsg-2 \|\| =1:7.0.2+dfsg-1 \|\| =1:7.0.2+dfsg-1~bpo12+1 \|\| =1:7.0.22+dfsg-1 \|\| =1:7.0.22+dfsg-1~bpo13+1 \|\| =1:7.0.22+dfsg-1~deb13u1 \|\| =1:7.0.3+dfsg-1 \|\| =1:7.0.5+dfsg-1 \|\| =1:7.0.5+dfsg-1~bpo12+1 \|\| =1:7.0.6+dfsg-1 \|\| =1:7.0.9+dfsg-1 \|\| =1:7.0.9+dfsg-1~bpo12+1	-
debian 13	zabbix	=1:7.0.10+dfsg-2 \|\| =1:7.0.22+dfsg-1~bpo13+1 \|\| >=0 <1:7.0.22+dfsg-1~deb13u1	1:7.0.22+dfsg-1~deb13u1
debian 14	zabbix	=1:7.0.10+dfsg-2 \|\| =1:7.0.22+dfsg-1~bpo13+1 \|\| =1:7.0.22+dfsg-1~deb13u1 \|\| >=0 <1:7.0.22+dfsg-1	1:7.0.22+dfsg-1

Aliases

1. CVE-2025-272362. NVD-2025-272363. OSV-DEBIAN-2025-272364. OSV-2025-272365. SECURITY-TRACKER-CVE-2025-27236