Arbitrary Command Execution in Checkmk's RestAPI due to Improper Sanitization
CVE-2024-38865
Severity: 6 (MEDIUM)
What is CVE-2024-38865?
The Checkmk RestAPI is susceptible to a vulnerability that allows unauthorized execution of arbitrary Livestatus commands because command delimiters in user-supplied input are not properly neutralized. The flaw exists in specific endpoints and can be exploited when the attacker holds a user account assigned to a contact group and the malicious event either originates from a host within that same contact group or is generated with an unknown host. Successful exploitation could allow unauthorized manipulation and execution of Livestatus commands, potentially compromising the integrity of the monitored system.
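The following is an added illustration of the vulnerability class, not code from this advisory or from Checkmk. It assumes the Livestatus external-command format (one newline-terminated line of the form COMMAND [<timestamp>] <NAME>;<arg>;<arg>...) and uses hypothetical helper names; it places a builder that does not neutralize line delimiters beside a hardened one, and counts how many commands a Livestatus socket would parse from the resulting bytes.

```python
import re

# Assumption (not from the advisory): a Livestatus external command is a single
# line terminated by "\n"; a CR/LF inside any argument therefore starts a new line
# that the socket reads as a second, independent command.
LINE_DELIMITER_RE = re.compile(r"[\r\n]")


def build_command_unsafe(name: str, args: list[str], timestamp: int = 0) -> str:
    """'Before' form: arguments are joined verbatim, delimiters are not neutralized."""
    return f"COMMAND [{timestamp}] {name};" + ";".join(args) + "\n"


def is_delimiter_safe(args: list[str]) -> bool:
    """True when no argument carries a line delimiter (or NUL) that could split the command."""
    return not any(LINE_DELIMITER_RE.search(a) or "\x00" in a for a in args)


def build_command_safe(name: str, args: list[str], timestamp: int = 0) -> str:
    """'After' form: refuse input that would produce more than one command line."""
    if not is_delimiter_safe(args):
        raise ValueError("line delimiter in command argument")
    return build_command_unsafe(name, args, timestamp)


def count_commands(payload: str) -> int:
    """Number of COMMAND lines a Livestatus socket would parse from this payload."""
    return sum(1 for line in payload.splitlines() if line.startswith("COMMAND "))


# Constructed sample: a comment text as it might arrive through a REST endpoint,
# with a line break that smuggles in a second (hypothetical) command line.
BENIGN_COMMENT = "disk replaced, monitoring ok"
SMUGGLED_COMMENT = "disk replaced\nCOMMAND [0] EXAMPLE_SECOND_COMMAND;host01"

if __name__ == "__main__":
    args = ["host01", "1", "operator", SMUGGLED_COMMENT]
    print("unsafe builder emits", count_commands(build_command_unsafe("ADD_HOST_COMMENT", args)), "commands")
    print("safe builder accepts benign input:", is_delimiter_safe(["host01", "1", "operator", BENIGN_COMMENT]))
    print("safe builder accepts smuggled input:", is_delimiter_safe(args))
```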
Affected Version(s)
Checkmk 2.3.0 < 2.3.0p25
Checkmk 2.2.0 < 2.2.0p39
Checkmk 2.1.0 <= 2.1.0p50