Primary

Context

Zabbix Insufficient Permission Check Vulnerability in Problem View Refresh Action

Vulnerability

Patched

A vulnerability exists in Zabbix that allows regular users, without permission to access the Monitoring -> Problems view, to invoke the problem.view.refresh action. This action retrievals a list of active problems, indicating an insufficient permission check.

Impact

Exploitation of this vulnerability could lead to unauthorized access to active problem data, allowing users to view issues they should not have permission to access.

Remediation

Users can update to Zabbix versions 6.0.41, 7.0.18, 7.2.12, or 7.4.2 to address this vulnerability.

Added: Oct 3, 2025, 12:44 PM

Updated: Oct 3, 2025, 12:44 PM

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

0.6

exploitability

5.2

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

0.6

exploitability

5.2

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Zabbix Insufficient Permission Check Vulnerability in Problem View Refresh Action

Vulnerability

Impact

Remediation

Affected Products

Zabbix

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating