CNNVD-202601-1834 Information

CNNVD ID

CNNVD-202601-1834

CVE-2025-66689

  • CNNVD Published: 2026-01-12

Description (Chinese)

Zenoss是美国Zenoss公司的一套开源的企业级IT管理和监控软件。该软件提供事件管理、网络服务监控、主机资源监控和网络设备的可用性监控等功能。 Zenoss 9.8.2之前版本存在安全漏洞,该漏洞源于is_dangerous_path验证函数逻辑缺陷,可能导致经过身份验证的攻击者读取任意文件。

Description (English)

Zenoss is an open-source, enterprise-grade IT management and monitoring software suite from the US company Zenoss. It provides event management, network service monitoring, host resource monitoring, and network device availability monitoring. Versions of Zenoss prior to 9.8.2 contain a security vulnerability caused by a logic flaw in the is_dangerous_path validation function, which may allow an authenticated attacker to read arbitrary files.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Zenoss

Published

2026-01-12

Last Modified

2026-02-24

References

  • https://github.com/BeehiveInnovations/zen-mcp-server/issues/293
  • https://github.com/Team-Off-course/MCP-Server-Vuln-Analysis/blob/main/CVE-2025-66689.md
  • https://access.redhat.com/security/cve/cve-2025-66689
