CVE-2025-27238

🗓️ 12 Sep 2025 10:33:17Reported by ZabbixType

CVE-2025-27238: Zabbix hostprototype.get bug exposes all host prototypes to users with no groups.

Reporter	Title	Published	Views	Family All 20
AlpineLinux	CVE-2025-27238	12 Sep 202511:15	–	alpinelinux
Circl	CVE-2025-27238	12 Sep 202515:02	–	circl
CNNVD	Zabbix 安全漏洞	12 Sep 202500:00	–	cnnvd
Cvelist	CVE-2025-27238 API hostprototype.get lists data to users with insufficient authorization.	12 Sep 202510:33	–	cvelist
Debian CVE	CVE-2025-27238	12 Sep 202510:33	–	debiancve
EUVD	EUVD-2025-29034	3 Oct 202520:07	–	euvd
NVD	CVE-2025-27238	12 Sep 202511:15	–	nvd
OSV	DEBIAN-CVE-2025-27238	12 Sep 202511:15	–	osv
OSV	UBUNTU-CVE-2025-27238	12 Sep 202511:15	–	osv
Positive Technologies	PT-2025-37303	1 Jan 202500:00	–	ptsecurity

NVD

Node

zabbix zabbixRange7.0.0–7.0.14

zabbix zabbixRange7.2.0–7.2.8

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "API"
    ],
    "product": "Zabbix",
    "repo": "https://git.zabbix.com/",
    "vendor": "Zabbix",
    "versions": [
      {
        "changes": [
          {
            "at": "7.0.14",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "7.0.13",
        "status": "affected",
        "version": "7.0.0",
        "versionType": "git"
      },
      {
        "changes": [
          {
            "at": "7.2.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "7.2.7",
        "status": "affected",
        "version": "7.2.0",
        "versionType": "git"
      }
    ]
  }
]

Source	Link
support	www.support.zabbix.com/browse/ZBX-26988

08 Oct 2025 14:53Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.13.5

CVSS 42.1

EPSS0.00032

SSVC

CWE-284