Skip to main content

Ubuntu EUVDEUVD-2025-32548

| CVE-2025-49641 MEDIUM
Incorrect Authorization (CWE-863)
2025-10-03 security@zabbix.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Ubuntu
MEDIUM
qualitative
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 13, 2026 - 19:29 euvd
EUVD-2025-32548
Analysis Generated
Mar 13, 2026 - 19:29 vuln.today
CVE Published
Oct 03, 2025 - 12:15 nvd
MEDIUM 4.3

DescriptionCVE.org

A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems.

Analysis

A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems.

Technical ContextAI

This vulnerability is classified as Incorrect Authorization (CWE-863).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

More in Zabbix

View all
CVE-2016-10134 CRITICAL POC
9.8 Feb 17

SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQ

CVE-2017-2824 HIGH POC
8.1 May 24

An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. Rated hi

CVE-2016-4338 HIGH POC
8.1 Jan 23

The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x bef

CVE-2022-43516 CRITICAL POC
9.8 Dec 05

A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in

CVE-2022-43515 CRITICAL POC
9.8 Dec 05

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addre

CVE-2022-26148 CRITICAL POC
9.8 Mar 21

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. Rated critical severity (CVSS 9.8), this

CVE-2019-17382 CRITICAL POC
9.1 Oct 09

An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. Rated critical severity

CVE-2024-22120 HIGH POC
8.8 May 17

Zabbix server can perform command execution for configured scripts. Rated high severity (CVSS 8.8), this vulnerability i

CVE-2012-3435 HIGH POC
7.5 Aug 15

SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, a

CVE-2013-6824 HIGH POC
7.5 Dec 19

Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execu

CVE-2023-32728 CRITICAL
9.8 Dec 18

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resul

CVE-2020-11800 CRITICAL
9.8 Oct 07

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. Rated critical s

Vendor StatusVendor

Ubuntu

Priority: Medium
zabbix
Release Status Version
trusty needs-triage -
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble DNE -
plucky ignored end of life, was needs-triage
upstream needs-triage -
questing needs-triage -

Debian

Bug #1117448
zabbix
Release Status Fixed Version Urgency
bullseye vulnerable 1:5.0.8+dfsg-1 -
bullseye (security) vulnerable 1:5.0.47+dfsg-0+deb11u1 -
bookworm vulnerable 1:6.0.14+dfsg-1 -
trixie vulnerable 1:7.0.10+dfsg-2 -
forky, sid fixed 1:7.0.22+dfsg-1 -
(unstable) fixed 1:7.0.22+dfsg-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Server 12 SP5 Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Fixed
SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security Fixed
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 Fixed
SUSE Linux Enterprise Server 12 SP3-BCL Fixed

Share

EUVD-2025-32548 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy