Source: zabbix Version: 1:7.0.10+dfsg-2 Severity: important Tags: upstream Forwarded: https://support.zabbix.com/browse/ZBX-27284 X-Debbugs-Cc: [email protected]
Hi, The following vulnerability was published for zabbix. CVE-2025-49643[0]: | An authenticated Zabbix user (including Guest) is able to cause | disproportionate CPU load on the webserver by sending specially | crafted parameters to /imgstore.php, leading to potential denial of | service. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-49643 https://www.cve.org/CVERecord?id=CVE-2025-49643 [1] https://support.zabbix.com/browse/ZBX-27284 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
