A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-10-03
The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change.
CVSS Score
4.9
EPSS Score
0.0
Published
2025-10-03