Insufficient Escaping Vulnerability in Checkmk Reporting Tool
CVE-2025-39664
7.1 HIGH
What is CVE-2025-39664?
The Checkmk reporting tool contains a vulnerability caused by insufficient escaping in the report scheduler. The flaw allows authenticated attackers to manipulate the storage location of report file pairs so that files may be stored outside the designated root directory, which can compromise data security and integrity.
Affected Version(s)
Checkmk 2.4.0 < 2.4.0p13
Checkmk 2.3.0 < 2.3.0p38
Checkmk 2.2.0 < 2.2.0p46
CVSS V4
Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Lisa Gnedt (SBA Research)
