CVE-2024-42325 LOW

CVE-2024-42325: Excessive information returned by user.get

Vendor Zabbix
Product Zabbix
Weakness CWE-359
Published April 2, 2025
Last update November 3, 2025

CVSS base score

2.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

The Zabbix API method user.get returns all users that share a common group with the calling user. The returned data includes media and other information, such as login attempts.

Key dates

02 Disclosure timeline

April 2, 2025 CVE published
November 3, 2025 Record updated