PT-2026-22137 · Checkmk · Checkmk
Lisa Gnedt · Published 2026-02-26 · Updated 2026-03-05
CVE-2025-64999
CVSS v4.0: 7.3 (High)
Vector: AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions
Checkmk versions 2.3.0 through 2.3.0p43
Checkmk versions 2.4.0 through 2.4.0p22
Description
The software contains a flaw due to improper neutralization of input. An attacker who can manipulate a host's check output can inject malicious JavaScript into the Synthetic Monitoring HTML logs. This injected code can then be accessed through a specially crafted phishing link.
Recommendations
Update Checkmk to version 2.3.0p43 or later.
Update Checkmk to version 2.4.0p22 or later.
Fix
XSS
Affected Products
Checkmk