PT-2026-27382 · Checkmk Gmbh+2 · Checkmk
Lisa Gnedt · Published 2026-03-24 · Updated 2026-03-24 · CVE-2025-64998
CVSS v4.0: 7.3 (High)
Vector: AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Checkmk versions prior to 2.4.0p23
Checkmk versions prior to 2.3.0p45
Checkmk version 2.2.0
Description
Exposure of the session signing secret allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies.
Recommendations
Update to version 2.4.0p23 or later.
Update to version 2.3.0p45 or later.
Update to a version newer than 2.2.0.
Fix
Insufficiently Protected Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk