Home

Description

SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed.

PUBLISHED Reserved 2025-11-12 | Published 2025-12-18 | Updated 2025-12-18 | Assigner Checkmk




LOW: 2.3CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:L

Problem types

CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer

Product status

Default status
unaffected

2.4.0 (semver) before 2.4.0p18
affected

2.3.0 (semver)
affected

References

checkmk.com/werk/19030

cve.org (CVE-2025-65000)

nvd.nist.gov (CVE-2025-65000)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.