CVE-2025-39664 | THREATINT

Description

Insufficient escaping in the report scheduler within Checkmk <2.4.0p13, <2.3.0p38, <2.2.0p46 and 2.1.0 (EOL) allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory.

PUBLISHED Reserved 2025-04-16 | Published 2025-10-09 | Updated 2025-11-03 | Assigner Checkmk

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status

unaffected

2.4.0 (semver) before 2.4.0p13

affected

2.3.0 (semver) before 2.3.0p38

affected

2.2.0 (semver) before 2.2.0p46

affected

2.1.0 (semver)

affected

Credits

Lisa Gnedt (SBA Research) reporter

References

seclists.org/fulldisclosure/2025/Oct/7

checkmk.com/werk/17984 vendor-advisory

github.com/...025/SBA-ADV-20250730-01_Checkmk_Path_Traversal third-party-advisory

cve.org (CVE-2025-39664)

nvd.nist.gov (CVE-2025-39664)

Download JSON