CVE-2025-49643

Summary

An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.

Affected Software

VendorProductVersion RangeStatus
ZabbixZabbix6.0.0 <= 6.0.41affected
ZabbixZabbix7.0.0 <= 7.0.18affected
ZabbixZabbix7.2.0 <= 7.2.12affected
ZabbixZabbix7.4.0 <= 7.4.2affected

Weaknesses

  • CWE-405: CWE-405: Asymmetric Resource Consumption (Amplification)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References