Insufficient Permission Validation in Checkmk Versions 2.2.0 to 2.4.0
CVE-2025-58121
5.3 MEDIUM
What is CVE-2025-58121?
An insufficient permission validation flaw exists in multiple REST API endpoints of Checkmk 2.2.0, 2.3.0, and 2.4.0 before 2.4.0p16. It allows low-privileged users to perform unauthorized actions or obtain sensitive information, which can compromise the application’s security and the integrity of user data. Users of these versions should upgrade.
Affected Version(s)
Checkmk 2.4.0 < 2.4.0p16
Checkmk 2.3.0
Checkmk 2.2.0
CVSS V4
Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
PS Positive Security GmbH
