{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2026-23925","title":"Title"},{"category":"description","text":"An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2026-23925","url":"https://www.suse.com/security/cve/CVE-2026-23925"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1259286 for CVE-2026-23925","url":"https://bugzilla.suse.com/1259286"}],"title":"SUSE CVE CVE-2026-23925","tracking":{"current_release_date":"2026-03-07T00:26:16Z","generator":{"date":"2026-03-07T00:26:16Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2026-23925","initial_release_date":"2026-03-07T00:26:16Z","revision_history":[{"date":"2026-03-07T00:26:16Z","number":"2","summary":"vulnerabilities added,references added,severity changed from  to moderate"}],"status":"interim","version":"2"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP4-LTSS","product":{"name":"SUSE Linux Enterprise Server 12 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP4-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP5-LTSS","product":{"name":"SUSE Linux Enterprise Server 12 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP5-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security","product":{"name":"SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security","product_id":"SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss-extended-security:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server Teradata 12 SP3","product":{"name":"SUSE Linux Enterprise Server Teradata 12 SP3","product_id":"SUSE Linux Enterprise Server Teradata 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_teradata:12:sp3"}}},{"category":"product_version","name":"zabbix","product":{"name":"zabbix","product_id":"zabbix","product_identification_helper":{"cpe":"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/zabbix@"}}},{"category":"product_version","name":"zabbix-agent","product":{"name":"zabbix-agent","product_id":"zabbix-agent","product_identification_helper":{"cpe":"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/zabbix-agent@?upstream=zabbix.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"zabbix-agent as component of SUSE Linux Enterprise Server 12 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP4-LTSS:zabbix-agent"},"product_reference":"zabbix-agent","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"zabbix as component of SUSE Linux Enterprise Server 12 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP4-LTSS:zabbix"},"product_reference":"zabbix","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"zabbix-agent as component of SUSE Linux Enterprise Server 12 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP5-LTSS:zabbix-agent"},"product_reference":"zabbix-agent","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"zabbix as component of SUSE Linux Enterprise Server 12 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP5-LTSS:zabbix"},"product_reference":"zabbix","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"zabbix as component of SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security","product_id":"SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security:zabbix"},"product_reference":"zabbix","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security"},{"category":"default_component_of","full_product_name":{"name":"zabbix as component of SUSE Linux Enterprise Server Teradata 12 SP3","product_id":"SUSE Linux Enterprise Server Teradata 12 SP3:zabbix"},"product_reference":"zabbix","relates_to_product_reference":"SUSE Linux Enterprise Server Teradata 12 SP3"}]},"vulnerabilities":[{"cve":"CVE-2026-23925","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2026-23925"}],"notes":[{"category":"general","text":"An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even with write permissions.","title":"CVE description"}],"product_status":{"known_affected":["SUSE Linux Enterprise Server 12 SP4-LTSS:zabbix","SUSE Linux Enterprise Server 12 SP4-LTSS:zabbix-agent","SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security:zabbix","SUSE Linux Enterprise Server 12 SP5-LTSS:zabbix","SUSE Linux Enterprise Server 12 SP5-LTSS:zabbix-agent","SUSE Linux Enterprise Server Teradata 12 SP3:zabbix"]},"references":[{"category":"external","summary":"CVE-2026-23925","url":"https://www.suse.com/security/cve/CVE-2026-23925"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1259286 for CVE-2026-23925","url":"https://bugzilla.suse.com/1259286"}],"threats":[{"category":"impact","date":"2026-03-06T11:00:32Z","details":"moderate"}],"title":"CVE-2026-23925"}]}