CNNVD-202509-1777 Information
CNNVD ID
CNNVD-202509-1777
Related CVE
- CNNVD Published: 2025-09-12
Description (Chinese)
Zabbix是Zabbix公司的一套开源的监控系统。该系统支持网络监控、服务器监控、云监控和应用监控等。 Zabbix存在安全漏洞,该漏洞源于hostprototype.get方法会向未分配用户组的用户列出所有主机原型,可能导致信息泄露。
Description (English)
Zabbix is an open-source monitoring system for Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring, etc. There is a security loophole in Zabbix, which stems from the hostprototype.get method, which lists all mainframe prototypes to unassigned user groups and may lead to the disclosure of information.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Zabbix
Published
2025-09-12
Last Modified
2026-02-24
References
https://support.zabbix.com/browse/ZBX-26988 https://access.redhat.com/security/cve/cve-2025-27238 https://vigilance.fr/vulnerability/Zabbix-information-disclosure-via-API-Hostprototype-get-48219
Patch
https://support.zabbix.com/browse/ZBX-26988
Share on: