Insufficient Permission Validation in Checkmk Versions 2.2.0 to 2.4.0
CVE-2025-58121

5.3 MEDIUM

Key Information:

Status
Vendor
CVE Published: 18 November 2025

What is CVE-2025-58121?

An insufficient permission validation flaw exists in multiple REST API endpoints of Checkmk 2.2.0, 2.3.0, and 2.4.0 prior to 2.4.0p16. The flaw allows low-privileged users to perform unauthorized actions or access sensitive information, potentially compromising the application’s security and the integrity of user data. Users of these versions should upgrade.

Affected Version(s)

Checkmk 2.4.0 < 2.4.0p16

Checkmk 2.3.0

Checkmk 2.2.0

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

PS Positive Security GmbH