CVE-2025-27232 – Frontend arbitrary file read in oauth.authorize action

CVE ID : CVE-2025-27232

Published : Dec. 1, 2025, 1:16 p.m. | 1 hour, 9 minutes ago

Description : An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…