An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://support.zabbix.com/browse/ZBX-27284 |
Configurations
No configuration.
History
01 Dec 2025, 14:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-01 14:16
Updated : 2025-12-01 15:39
NVD link : CVE-2025-49643
Mitre link : CVE-2025-49643
CVE.ORG link : CVE-2025-49643
JSON object : View
Products Affected
No product.
CWE
CWE-405
Asymmetric Resource Consumption (Amplification)