CVE-2025-1712 | THREATINT

Description

Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files

PUBLISHED Reserved 2025-02-26 | Published 2025-05-21 | Updated 2025-05-21 | Assigner Checkmk

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Product status

Default status

unaffected

2.4.0 (semver) before 2.4.0p1

affected

2.3.0 (semver) before 2.3.0p32

affected

2.2.0 (semver) before 2.2.0p42

affected

2.1.0 (semver)

affected

Credits

PS Positive Security GmbH reporter

References

checkmk.com/werk/17996

cve.org (CVE-2025-1712)

nvd.nist.gov (CVE-2025-1712)

Download JSON