CVE-2025-49641

A regular Zabbix user with no permission to the Monitoring - Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems...

CVE-2025-49641

CVE-2025-49641 affects Zabbix deployments; a regular user without access to Monitoring → Problems can call problem.view.refresh and retrieve a list of active problems. Root cause described as insufficient permission checks for the problem.view.refresh action. The connected sources (Red Hat, Debia...