Zabbix Frontend Denial-of-Service Vulnerability via Asymmetric Resource Consumption

Vulnerability

A denial-of-service vulnerability has been identified in the Zabbix frontend, affecting versions 6.0.0 through 6.0.41, 7.0.0 through 7.0.18, 7.2.0 through 7.2.12, and 7.4.0 through 7.4.2. An authenticated user, including the guest account where it is enabled, can cause excessive CPU load on the web server by sending specially crafted parameters to 'imgstore.php'. The cost of handling such a request is far higher for the server than for the client that sends it (asymmetric resource consumption), so a single low-privilege account can disrupt the frontend for everyone.

Impact

Exploitation causes a significant increase in CPU usage on the web server that hosts the frontend, which can leave it slow or unresponsive to legitimate requests, a denial-of-service condition. No elevated privileges are required: any account that can log in to the frontend, guest included, is sufficient.
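Because the advisory gives no request signature beyond the endpoint, the practical detection is volumetric: a client hammering 'imgstore.php' far faster than a browser rendering a dashboard would. The following is an added example, not code from the advisory or from the Zabbix project. It assumes an Apache/nginx "combined" access log, a sliding window of 10 seconds and a threshold of 20 hits per client (both tunable), and runs over constructed sample lines; the query strings in those lines are placeholders, only the path is used.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format; only the fields the detector needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp, path) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    path = m.group("target").split("?", 1)[0]  # drop the query string, match on the path only
    return m.group("ip"), ts, path


def find_imgstore_bursts(lines, window_seconds=10, threshold=20):
    """Return {client_ip: peak} for clients whose imgstore.php request count inside any
    window_seconds-long sliding window reached threshold.  Lines are assumed to be in
    timestamp order per client, as they are in a live access log."""
    recent = defaultdict(deque)   # per client: timestamps of imgstore.php hits still inside the window
    peak = defaultdict(int)       # per client: largest window population seen
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, path = parsed
        if not path.endswith("/imgstore.php"):
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def _line(ip, second, target):
    # Constructed log line for the example; the timestamp base and query strings are placeholders.
    ts = datetime(2025, 12, 1, 14, 0, 0, tzinfo=timezone.utc) + timedelta(seconds=second)
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {target} HTTP/1.1" 200 1024 "-" "curl/8.0"'


# Constructed sample: one client fires 30 imgstore.php requests in six seconds,
# another loads a dashboard and three images over a minute (normal use).
SAMPLE_LOG = (
    [_line("203.0.113.7", i // 5, "/zabbix/imgstore.php?imageid=1") for i in range(30)]
    + [
        _line("198.51.100.5", 0, "/zabbix/zabbix.php?action=dashboard.view"),
        _line("198.51.100.5", 1, "/zabbix/imgstore.php?imageid=1"),
        _line("198.51.100.5", 30, "/zabbix/imgstore.php?imageid=2"),
        _line("198.51.100.5", 59, "/zabbix/imgstore.php?imageid=3"),
    ]
)

if __name__ == "__main__":
    print(find_imgstore_bursts(SAMPLE_LOG))  # only the abusive client is reported
```

Keying on client IP is a starting point; where the frontend sits behind a proxy, key on the forwarded client address (or on the session cookie), otherwise every request appears to come from the proxy and the normal clients are blamed alongside the abusive one.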

Remediation

Upgrade to Zabbix 6.0.42, 7.0.19, 7.2.13, or 7.4.3, the first fixed release of each affected branch. Until the upgrade is applied, disabling the guest account and restricting frontend access to trusted networks reduce who can reach 'imgstore.php', and alerting on unusually high request rates to that endpoint gives early warning of abuse; these measures lower exposure but do not remove the flaw.
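For a fleet with several Zabbix branches in use, the question is which hosts fall inside the listed ranges and which release each must move to. The following is an added example, not code from the advisory or from the Zabbix project; the ranges are copied from the advisory above. It deliberately reports branches the advisory does not mention (for example 7.3.x or 8.0.x) as "unlisted" rather than as safe, and it ignores pre-release suffixes such as "rc1", which errs toward treating a pre-release as affected.

```python
import re

# (first affected, last affected, fixing release) per branch, as stated in the advisory.
AFFECTED_BRANCHES = {
    (6, 0): ((6, 0, 0), (6, 0, 41), (6, 0, 42)),
    (7, 0): ((7, 0, 0), (7, 0, 18), (7, 0, 19)),
    (7, 2): ((7, 2, 0), (7, 2, 12), (7, 2, 13)),
    (7, 4): ((7, 4, 0), (7, 4, 2), (7, 4, 3)),
}

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Turn '7.0.18' (also 'v7.0.18' or '7.0.18rc1') into (7, 0, 18); raise on anything else."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Zabbix version: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(version_text):
    """Classify one frontend version against the advisory.

    Returns (status, upgrade_to): status is 'affected', 'fixed' or 'unlisted';
    upgrade_to is the fixing release (as a string) for an affected version, else None."""
    v = parse_version(version_text)
    branch = AFFECTED_BRANCHES.get(v[:2])
    if branch is None:
        # A branch the advisory does not list is not thereby known to be safe.
        return "unlisted", None
    first, last, fixed = branch
    if first <= v <= last:
        return "affected", ".".join(map(str, fixed))
    return "fixed", None


def triage(inventory):
    """inventory: {host: version string}.  Returns {host: release to upgrade to} for affected hosts."""
    result = {}
    for host, version in inventory.items():
        status, upgrade_to = assess(version)
        if status == "affected":
            result[host] = upgrade_to
    return result


if __name__ == "__main__":
    # Constructed inventory for the example; hostnames and versions are placeholders.
    sample = {"zbx-prod": "7.0.18", "zbx-lab": "7.4.3", "zbx-old": "6.0.41", "zbx-new": "7.3.1"}
    for host, target in triage(sample).items():
        print(f"{host}: upgrade to {target}")
```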

Added: Dec 1, 2025, 2:17 PM
Updated: Dec 1, 2025, 3:50 PM

Vulnerability Rating

Custom Algorithm
spread          6.2
impact          2.5
exploitability  6.2
remediation     7.7
relevance       1.2
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.