CVE-2025-27232 | Zabbix up to 7.4.2 oauth.authorize server-side request forgery (EUVD-2025-199987)

December 1, 2025 Yanac

A vulnerability was found in Zabbix up to 7.4.2. It has been declared as critical. Affected by this vulnerability is the function oauth.authorize. Executing manipulation can lead to server-side request forgery.

This vulnerability is registered as CVE-2025-27232. The attack requires access to the local network. No exploit is available.VulDB Recent EntriesRead More

CVE-2025-49642 | Zabbix up to 6.0.36/7.0.5/7.2.0 on AIX /home/cecuser untrusted search path (EUVD-2025-199986)
CVE-2025-12106 | OpenVPN up to 2.7_rc1 IP Address Parser buffer over-read (EUVD-2025-199988)