Description

Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information.

PUBLISHED | Reserved 2025-08-25 | Published 2025-11-18 | Updated 2025-11-18 | Assigner Checkmk




MEDIUM: 5.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-280: Improper Handling of Insufficient Permissions or Privileges

Product status

Default status
unaffected

2.4.0 (semver) before 2.4.0p16
affected

2.3.0 (semver)
affected

2.2.0 (semver)
affected

Credits

PS Positive Security GmbH (reporter)

References

checkmk.com/werk/18983

cve.org (CVE-2025-58121)

nvd.nist.gov (CVE-2025-58121)
