Zabbix API Hostprototype.get Authorization Vulnerability

Vulnerability

A vulnerability exists in the Zabbix API within the hostprototype.get method, which improperly exposes all host prototypes to users who are not assigned to any user group. This issue affects Zabbix versions 7.0.0 through 7.0.13 and 7.2.0 through 7.2.7. The flaw allows low-privilege accounts with no user roles to retrieve the complete list of host prototypes through the API.

Impact

Exploiting this vulnerability allows unauthorized access to all host prototypes, potentially leading to information disclosure.

Remediation

Update to Zabbix version 7.0.14 or 7.2.8, depending on the release line in use. Additionally, ensure that every Zabbix user is assigned to a user group to prevent exposure.
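The two remediation checks above (is the instance on an affected release, and does any user lack a user group) can be automated against the Zabbix JSON-RPC API. The following is an added example written for this page; it is not code from Zabbix or from the advisory's author. It assumes the request and response shapes documented for the Zabbix API's user.get method with selectUsrgrps (the sample response below is constructed, not captured from a real instance), and it leaves the HTTP transport and the API token out: the caller is expected to send the request body with its own session and pass the raw JSON response in.

```python
import json
import re

# Affected ranges exactly as stated in the advisory (inclusive bounds).
AFFECTED_RANGES = [
    ((7, 0, 0), (7, 0, 13)),
    ((7, 2, 0), (7, 2, 7)),
]

# Constructed sample of a user.get response with selectUsrgrps requested.
# The usernames, ids and group names are invented for this example.
SAMPLE_USER_GET_RESPONSE = json.dumps({
    "jsonrpc": "2.0",
    "result": [
        {"userid": "1", "username": "Admin",
         "usrgrps": [{"usrgrpid": "7", "name": "Zabbix administrators"}]},
        {"userid": "5", "username": "orphan-user", "usrgrps": []},
        {"userid": "9", "username": "reporting",
         "usrgrps": [{"usrgrpid": "13", "name": "Read-only"}]},
    ],
    "id": 1,
})


def parse_version(version: str) -> tuple:
    """Turn a 'major.minor.patch' string (e.g. from apiinfo.version) into a tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Zabbix version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True if the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def build_user_get_request(request_id: int = 1) -> dict:
    """JSON-RPC body asking for every user together with its user groups.

    Authentication (an API token in the HTTP Authorization header) is left to
    the caller; this function only builds the request body.
    """
    return {
        "jsonrpc": "2.0",
        "method": "user.get",
        "params": {
            "output": ["userid", "username"],
            "selectUsrgrps": ["usrgrpid", "name"],
        },
        "id": request_id,
    }


def users_without_groups(response_json: str) -> list:
    """Return usernames whose usrgrps list is empty in a user.get response."""
    data = json.loads(response_json)
    if "error" in data:
        raise RuntimeError(f"Zabbix API error: {data['error']}")
    return [
        user["username"]
        for user in data.get("result", [])
        if not user.get("usrgrps")
    ]


if __name__ == "__main__":
    for ver in ("7.0.13", "7.0.14", "7.2.7", "7.2.8"):
        print(f"{ver}: affected={is_affected(ver)}")
    print("request body:", json.dumps(build_user_get_request()))
    print("users with no user group:", users_without_groups(SAMPLE_USER_GET_RESPONSE))
```

In practice, run build_user_get_request() against the instance with an API token, feed the response to users_without_groups(), and treat any returned username as a finding to fix by assigning a group; combine that with is_affected() on the value returned by apiinfo.version to decide whether the upgrade to 7.0.14 or 7.2.8 is still outstanding.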

Added: Sep 12, 2025, 11:18 AM
Updated: Sep 12, 2025, 11:18 AM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 2.5
exploitability: 4.8
remediation: 8.3
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.