CVE-2024-42325 Affecting zabbix package, versions <1:7.0.9+dfsg-1

Q: How to fix?

Upgrade Debian:unstable zabbix to version 1:7.0.9+dfsg-1 or higher.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-DEBIANUNSTABLE-ZABBIX-9634154
published3 Apr 2025
disclosed2 Apr 2025

Report a new vulnerability Found a mistake?

Introduced: 2 Apr 2025

NewCVE-2024-42325 (opens in a new tab)

How to fix?

Upgrade Debian:unstable zabbix to version 1:7.0.9+dfsg-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream zabbix package and not the zabbix package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.

References

https://security-tracker.debian.org/tracker/CVE-2024-42325
https://support.zabbix.com/browse/ZBX-26258