PT-2025-27866 · Checkmk · Checkmk
Published: 2025-07-04 · Updated: 2025-07-04
CVE-2025-32918
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Checkmk versions prior to 2.4.0p6
Checkmk versions prior to 2.3.0p35
Checkmk versions prior to 2.2.0p44
Checkmk version 2.1.0
Description:
The autocomplete endpoint of the REST API does not properly neutralize Livestatus command delimiters. This allows an authenticated user to inject arbitrary Livestatus commands.
Recommendations:
For versions prior to 2.4.0p6, update to version 2.4.0p6 or later.
For versions prior to 2.3.0p35, update to version 2.3.0p35 or later.
For versions prior to 2.2.0p44, update to version 2.2.0p44 or later.
For version 2.1.0, consider upgrading to a supported version, as 2.1.0 is end-of-life.
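To triage a fleet against the affected and fixed versions listed above, the following added example (not part of the original advisory and not Checkmk code) classifies version strings per release branch. It assumes versions look like `2.3.0p34`, optionally with an edition suffix such as `.cee` or as the last word of an `omd version` line, and it treats every 2.1.0 patch level as affected; the function names and sample hosts are constructed.

```python
import re

# First fixed patch level per release branch, from the advisory text.
FIXED_PATCH = {(2, 4, 0): 6, (2, 3, 0): 35, (2, 2, 0): 44}
# Branch listed as affected with no fixed release (end-of-life).
EOL_AFFECTED = {(2, 1, 0)}

_VERSION_RE = re.compile(
    r"(?P<maj>\d+)\.(?P<min>\d+)\.(?P<mic>\d+)"   # branch, e.g. 2.3.0
    r"(?:(?P<kind>[pbi])(?P<num>\d+))?"           # p = patch, b/i = pre-release
    r"(?:\.(?P<edition>[a-z]+))?"                 # edition suffix, e.g. .cee
)

def parse_version(text):
    """Return (branch, patch_level) from a version string or `omd version` line."""
    words = text.split()
    m = _VERSION_RE.fullmatch(words[-1]) if words else None
    if m is None:
        raise ValueError(f"unrecognised Checkmk version: {text!r}")
    branch = (int(m["maj"]), int(m["min"]), int(m["mic"]))
    if m["kind"] == "p":
        patch = int(m["num"])
    elif m["kind"] is None:
        patch = 0        # plain release, before any patch
    else:
        patch = -1       # beta/innovation builds precede the plain release
    return branch, patch

def assess(text):
    """Classify one version as affected, affected-eol, fixed or not-listed."""
    branch, patch = parse_version(text)
    if branch in EOL_AFFECTED:
        return "affected-eol"
    fixed = FIXED_PATCH.get(branch)
    if fixed is None:
        return "not-listed"   # the advisory makes no statement about this branch
    return "affected" if patch < fixed else "fixed"

def triage(inventory):
    """Map each host in {host: version_text} to its classification."""
    return {host: assess(version) for host, version in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "mon-a": "OMD - Open Monitoring Distribution Version 2.3.0p34.cee",
        "mon-b": "2.4.0p6",
        "mon-c": "2.1.0p50",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Strings that do not parse (for example daily builds) raise `ValueError` so they are reviewed by hand instead of being silently counted as fixed.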
Affected Products
Checkmk