Home

Description

Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic.

PUBLISHED Reserved 2025-08-25 | Published 2025-08-28 | Updated 2025-10-07 | Assigner Checkmk




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N

Problem types

CWE-295 Improper Certificate Validation

Product status

Default status
unaffected

2.2 (semver) before 6.1.1
affected

Credits

Felix Eberstaller (Limes Security) finder

Jakob Hartmann (Limes Security) finder

References

exchange.checkmk.com/p/check-mk-api product

cve.org (CVE-2025-58124)

nvd.nist.gov (CVE-2025-58124)

Download JSON