CVE-2025-49641

4.3 MEDIUM

📋 TL;DR

This CVE describes an authorization bypass vulnerability in Zabbix where regular users without proper permissions can still access the problem viewing functionality. This allows unauthorized users to retrieve lists of active problems, potentially exposing sensitive monitoring data. Organizations running affected Zabbix versions with user accounts are impacted.

💻 Affected Systems

Products:
  • Zabbix
Versions: Zabbix 7.0.0 to 7.0.3
Operating Systems: All platforms running Zabbix
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Zabbix installations with regular user accounts that don't have permission to the Monitoring -> Problems view.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Unauthorized users could access sensitive monitoring data about system problems, potentially revealing infrastructure details, system health information, or operational issues that should be restricted.

🟠 Likely Case

Regular users without proper permissions gain visibility into system problems they shouldn't see, potentially learning about infrastructure issues or gaining operational intelligence.

🟢 If Mitigated

With proper access controls and monitoring, the impact is limited to information disclosure of problem lists rather than system compromise.

🌐 Internet-Facing: MEDIUM - If Zabbix web interface is exposed to the internet, unauthorized users could potentially access problem data, but authentication is still required.
🏢 Internal Only: MEDIUM - Internal users with regular accounts could access problem data beyond their intended permissions, potentially learning about infrastructure issues.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access as a regular Zabbix user and involves calling the problem.view.refresh action directly.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Zabbix 7.0.4

Vendor Advisory: https://support.zabbix.com/browse/ZBX-27063

Restart Required: Yes

Instructions:

1. Backup your Zabbix configuration and database.
2. Download Zabbix 7.0.4 from official sources.
3. Follow Zabbix upgrade documentation for your specific installation method (package manager, source, etc.).
4. Restart Zabbix services after upgrade.

🔧 Temporary Workarounds

Restrict user permissions (all)

Review and tighten user permissions to minimize exposure while waiting for the patch.

Network segmentation (all)

Restrict access to the Zabbix web interface to only authorized users/networks.

🧯 If You Can't Patch

  • Implement strict access controls and review all user permissions
  • Monitor audit logs for unauthorized access to problem viewing functionality

🔍 How to Verify

Check if Vulnerable:

Check if running Zabbix version 7.0.0 through 7.0.3. Test with a regular user account without Monitoring -> Problems permission to see if they can access problem data.

Check Version:

Run zabbix_server --version, or check the Zabbix web interface under Administration -> General -> About.

Verify Fix Applied:

After upgrading to Zabbix 7.0.4, verify that regular users without proper permissions cannot access problem viewing functionality.

📡 Detection & Monitoring

Log Indicators:

  • Audit log entries showing regular users accessing problem.view.refresh action
  • Unauthorized access attempts to problem viewing functionality

Network Indicators:

  • HTTP requests to problem.view.refresh endpoint from unauthorized users

SIEM Query:

source="zabbix" AND (action="problem.view.refresh" OR uri="/zabbix.php?action=problem.view.refresh")
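An added example (not Zabbix's own code or tooling) that applies the two checks above to constructed web server access log lines: it flags successful problem.view.refresh requests for follow-up and tests whether a reported version falls in the affected 7.0.0 to 7.0.3 range. It assumes a combined-style access log in front of zabbix.php; an access log identifies only client IPs, so mapping a hit to a Zabbix user and its Monitoring -> Problems permission still requires the Zabbix audit log or session records.

```python
import re
from typing import Optional
from urllib.parse import urlparse, parse_qs

# Action named in the advisory; refresh calls from users lacking the
# Monitoring -> Problems permission are the signal to investigate.
VULN_ACTION = "problem.view.refresh"
VULN_RANGE = ((7, 0, 0), (7, 0, 3))  # inclusive, per the advisory

# Assumed Apache/nginx combined log layout (user-agent tail ignored).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_vulnerable_version(version: str) -> bool:
    """True if a version string such as '7.0.2' lies in 7.0.0..7.0.3."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return VULN_RANGE[0] <= parts <= VULN_RANGE[1]

def requested_action(target: str) -> Optional[str]:
    """Return the Zabbix 'action' query parameter of a request target, if any."""
    parsed = urlparse(target)
    if not parsed.path.endswith("zabbix.php"):
        return None
    return parse_qs(parsed.query).get("action", [None])[0]

def find_problem_refresh_requests(lines):
    """Return (ip, timestamp, status) for each refresh request the server served."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or requested_action(m["target"]) != VULN_ACTION:
            continue
        if m["status"] == "200":  # 200 means problem data was actually returned
            hits.append((m["ip"], m["ts"], m["status"]))
    return hits

# Constructed sample lines (not real traffic): one served refresh call,
# one unrelated request, one refresh call the server rejected.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jul/2025:10:00:01 +0000] "GET /zabbix.php?action=problem.view.refresh&filter_show=1 HTTP/1.1" 200 4821',
    '10.0.0.9 - - [01/Jul/2025:10:00:07 +0000] "GET /zabbix.php?action=dashboard.view HTTP/1.1" 200 9110',
    '10.0.0.7 - - [01/Jul/2025:10:00:12 +0000] "POST /zabbix.php?action=problem.view.refresh HTTP/1.1" 403 211',
]

if __name__ == "__main__":
    for hit in find_problem_refresh_requests(SAMPLE_LOG):
        print("problem.view.refresh served to", *hit)
```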
