PT-2025-41389 · Checkmk · Checkmk
Lisa Gnedt · Published 2025-10-09 · Updated 2025-10-09
CVE-2025-39664
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Checkmk versions prior to 2.4.0p13
Checkmk versions prior to 2.3.0p38
Checkmk versions prior to 2.2.0p46
Checkmk version 2.1.0
Description
A flaw exists in the report scheduler of Checkmk that allows authenticated attackers to define the storage location of report file pairs outside of the intended root directory due to insufficient escaping. This could allow for unauthorized file access or modification.
Recommendations
Update Checkmk to version 2.4.0p13 or later.
Update Checkmk to version 2.3.0p38 or later.
Update Checkmk to version 2.2.0p46 or later.
Do not use Checkmk version 2.1.0 as it is end-of-life.
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk