CVE-2025-27231Insufficiently Protected Credentials in Zabbix

CWE-522Insufficiently Protected Credentials5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 86.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zabbix
Timeline
PublishedOct 3

Description

The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

Affected Packages3 packages

NVDzabbix/zabbix6.0.06.0.41+3
Debianzabbix/zabbix< 1:7.0.22+dfsg-1~deb13u1+1
CVEListV5zabbix/zabbix6.0.06.0.40+3

🔴Vulnerability Details

3
CVEList
LDAP 'Bind password' field value can be leaked by a Zabbix Super Admin2025-10-03
GHSA
GHSA-c945-v35p-v696: The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server2025-10-03
OSV
CVE-2025-27231: The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server2025-10-03

📋Vendor Advisories

1
Debian
CVE-2025-27231: zabbix - The LDAP 'Bind password' value cannot be read after saving, but a Super Admin ac...2025
CVE-2025-27231 — Insufficiently Protected Credentials | cvebase