Wiz Vulnerability Database

CVE-2024-42327: Zabbix Server vulnerability analysis and mitigation

Overview

CVE-2024-42327 is a critical SQL injection vulnerability in Zabbix, a widely used open-source IT infrastructure monitoring platform. It affects the Zabbix frontend in versions 6.0.0 through 6.0.31, 6.4.0 through 6.4.16, and 7.0.0. The flaw was discovered by Márk Rákóczi and reported through the HackerOne bug bounty platform (SecurityOnline Info, NVD).

Technical details

The vulnerability lies in the addRelatedObjects function of the CUser class, which is called by the CUser.get method. Specifically, the selectRole option of the user.get API method lacks validation of array input, so untrusted values reach a SQL query. The vulnerability carries a critical CVSS v3.1 score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and is classified as CWE-89, SQL Injection (NVD, Zabbix Support). The PR:L component of the vector means an authenticated account with low privileges is sufficient, which is why API permissions matter as much as patch level.

Impact

Successful exploitation can expose sensitive monitoring data, system configurations and user credentials. An attacker could gain complete control of a Zabbix instance, compromise the underlying Zabbix server and potentially pivot to other connected systems, and could disrupt monitoring operations by manipulating or deleting critical data (SecurityOnline Info).

Mitigation and workarounds

Zabbix has released patched versions: 6.0.32rc1, 6.4.17rc1 and 7.0.1rc1. Organizations are strongly advised to update their Zabbix installations to these versions immediately. It is also recommended to review API permissions and remove any that are unnecessary, to reduce the attack surface (SecurityOnline Info).
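The technical details above describe the classic CWE-89 shape of this bug: an API option that is supposed to name which fields to return is checked for type at most, and its contents then become part of the SQL text. The following is an added illustration for this write-up, not Zabbix code: a toy "select role fields for a user" handler in Python over an in-memory SQLite database, showing the vulnerable pattern beside the hardened one. The schema, rows, function names and the ROLE_FIELDS allow-list are all constructed here for the example; only the idea (an unvalidated array option named selectRole feeding a query) comes from the advisory.

```python
import sqlite3

# Constructed schema and rows standing in for a monitoring backend's users/roles tables.
# Added example for this write-up; it does not reproduce Zabbix's schema or code.
SCHEMA = """
CREATE TABLE role (roleid INTEGER PRIMARY KEY, name TEXT, type INTEGER);
CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT, passwd TEXT, roleid INTEGER);
INSERT INTO role VALUES (1, 'User role', 1), (3, 'Super admin role', 3);
INSERT INTO users VALUES (1, 'Admin', 'hash-admin', 3), (2, 'guest', 'hash-guest', 1);
"""

# The only columns a caller may request through the option (hypothetical allow-list).
ROLE_FIELDS = ("roleid", "name", "type")


def connect():
    """Open an in-memory database populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def select_role_unsafe(conn, userid, select_role):
    """Vulnerable pattern (CWE-89): the option is only checked to be a list of strings,
    then its elements are concatenated into the column list of the query. Anything
    that is valid SQL in that position is accepted, so a caller can read columns the
    option was never meant to expose (here: a password hash from the joined table)."""
    if not isinstance(select_role, list) or not all(isinstance(f, str) for f in select_role):
        raise ValueError("selectRole must be a list of strings")
    cols = ", ".join(select_role)  # unvalidated: becomes part of the SQL text
    sql = ("SELECT " + cols + " FROM role JOIN users ON users.roleid = role.roleid"
           " WHERE users.userid = ?")
    return conn.execute(sql, (userid,)).fetchall()


def select_role_safe(conn, userid, select_role):
    """Hardened pattern: validate type, non-emptiness and every element against a fixed
    allow-list before any SQL is built; the single user-controlled value is bound."""
    if not isinstance(select_role, list) or not select_role:
        raise ValueError("selectRole must be a non-empty list")
    unknown = [f for f in select_role if not isinstance(f, str) or f not in ROLE_FIELDS]
    if unknown:
        raise ValueError("selectRole contains unknown fields: %r" % unknown)
    cols = ", ".join('role."%s"' % f for f in select_role)  # every f is allow-listed
    sql = ("SELECT " + cols + " FROM role JOIN users ON users.roleid = role.roleid"
           " WHERE users.userid = ?")
    return conn.execute(sql, (userid,)).fetchall()


def is_rejected(conn, userid, select_role):
    """True if the hardened handler refuses the option; used to show the validation."""
    try:
        select_role_safe(conn, userid, select_role)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = connect()
    print(select_role_safe(db, 1, ["name", "type"]))   # [('Super admin role', 3)]
    print(select_role_unsafe(db, 1, ["passwd"]))        # leaks [('hash-admin',)]
    print(is_rejected(db, 1, ["passwd"]))               # True
```

The point of the hardened version is that the allow-list check happens on the structure of the input (list, non-empty, every element a known column name) before a single byte of it touches the query string; binding the user id as a parameter handles the value that legitimately varies. Reviewing API handlers for options that are "lists of field names" is a cheap audit for this class of bug.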
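For the mitigation step, the practical check is whether an observed frontend version falls inside the affected ranges and, if so, which branch fix applies. This is an added helper written for this page, not a Zabbix tool: the affected ranges and fixed versions are the ones stated above, while the parser, the rc handling and the function names are assumptions made for the example.

```python
import re

# Affected frontend ranges and fixed builds as stated in the advisory. The helper
# itself is an added example, not part of Zabbix or of the original report.
AFFECTED_RANGES = (
    ((6, 0, 0), (6, 0, 31)),
    ((6, 4, 0), (6, 4, 16)),
    ((7, 0, 0), (7, 0, 0)),
)
FIXED_VERSIONS = {(6, 0): "6.0.32rc1", (6, 4): "6.4.17rc1", (7, 0): "7.0.1rc1"}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?$")


def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH' with an optional 'rcN' suffix into ((maj, min, patch), rc).
    rc is None for a final release. The format is an assumption for this example."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    base = tuple(int(x) for x in m.group(1, 2, 3))
    rc = int(m.group(4)) if m.group(4) else None
    return base, rc


def is_affected(text):
    """True if the version's base triple lies in an affected range. The rc suffix is
    ignored on purpose: 6.0.32rc1 sits above 6.0.31 and is the first fixed build,
    while a hypothetical 6.0.31rc2 would still be inside the affected range."""
    base, _rc = parse_version(text)
    return any(lo <= base <= hi for lo, hi in AFFECTED_RANGES)


def recommended_fix(text):
    """Return the fixed version for the affected branch, or None if not affected."""
    if not is_affected(text):
        return None
    base, _rc = parse_version(text)
    return FIXED_VERSIONS[base[:2]]


def triage(versions):
    """Map each observed version string to the fix it needs (None = not affected)."""
    return {v: recommended_fix(v) for v in versions}


if __name__ == "__main__":
    # Constructed inventory of version strings, e.g. scraped from frontends or package data.
    for version, fix in triage(["6.0.31", "6.0.32rc1", "6.4.3", "7.0.0", "7.0.2"]).items():
        print(version, "->", fix or "not affected")
```

Feed it the version strings from your asset inventory; anything that maps to a fix string needs the update, and the versions that map to None are outside the ranges the advisory lists (which says nothing about other vulnerabilities in those builds).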
Additional resources

- NVD
- SecurityOnline Info
- SecurityOnline Exploit
- Zabbix Support

Source: This report was generated using AI

Related Zabbix Server vulnerabilities:

CVE ID          Severity  Score  Technologies   Component name           CISA KEV exploit  Has fix  Published date
CVE-2025-27237  HIGH      7.3    Zabbix Server  cpe:2.3:a:zabbix:zabbix  No                No       Oct 03, 2025
CVE-2025-27232  MEDIUM    6.8    Zabbix Server  cpe:2.3:a:zabbix:zabbix  No                Yes      Dec 01, 2025
CVE-2025-49643  MEDIUM    6.0    Zabbix Server  cpe:2.3:a:zabbix:zabbix  No                Yes      Dec 01, 2025
CVE-2025-49642  MEDIUM    5.8    Zabbix Server  cpe:2.3:a:zabbix:zabbix  No                Yes      Dec 01, 2025
CVE-2025-49641  MEDIUM    5.1    Zabbix Server  cpe:2.3:a:zabbix:zabbix  No                Yes      Oct 03, 2025