CVE-2025-27236 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-27236 Interim 1 1 2025-10-04T23:27:14Z current 2025-10-04T23:27:14Z 2025-10-04T23:27:14Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-27236 A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security SUSE Linux Enterprise Server Teradata 12 SP3 zabbix zabbix-agent zabbix-agent as a component of SUSE Linux Enterprise Server 12 SP4-LTSS zabbix as a component of SUSE Linux Enterprise Server 12 SP4-LTSS zabbix-agent as a component of SUSE Linux Enterprise Server 12 SP5-LTSS zabbix as a component of SUSE Linux Enterprise Server 12 SP5-LTSS zabbix as a component of SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security zabbix as a component of SUSE Linux Enterprise Server Teradata 12 SP3 A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to. CVE-2025-27236 SUSE Linux Enterprise Server 12 SP4-LTSS:zabbix SUSE Linux Enterprise Server 12 SP4-LTSS:zabbix-agent SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security:zabbix SUSE Linux Enterprise Server 12 SP5-LTSS:zabbix SUSE Linux Enterprise Server 12 SP5-LTSS:zabbix-agent SUSE Linux Enterprise Server Teradata 12 SP3:zabbix low 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N