PT-2026-22137 · Checkmk · Checkmk
Lisa Gnedt · Published 2026-02-26 · Updated 2026-03-05
CVE-2025-64999
CVSS v4.0: 7.3 (High)
Vector: AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions
Checkmk versions 2.3.0 through 2.3.0p43
Checkmk versions 2.4.0 through 2.4.0p22
Description
The software contains a flaw due to improper neutralization of input. An attacker who can manipulate a host's check output can inject malicious JavaScript into the Synthetic Monitoring HTML logs. This injected code can then be accessed through a specially crafted phishing link.
Recommendations
Update Checkmk to version 2.3.0p43 or later.
Update Checkmk to version 2.4.0p22 or later.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk