Insufficient Permission Validation in Checkmk 2.4 Affecting Checkmk Software
CVE-2025-58122

5.3MEDIUM

Key Information:

Vendor: Checkmk Gmbh
Status: Checkmk
Vendor: CVE Published:; 18 November 2025

🔔 Create Checkmk Gmbh Vulnerability Alert

What is CVE-2025-58122?

A vulnerability in Checkmk 2.4.0 prior to version 2.4.0p16 allows low-privileged users to exploit insufficient permission validation via the REST API. This weakness enables unauthorized modifications to notification parameters, potentially leading to unauthorized actions or the disclosure of sensitive information.

Affected Version(s)

Checkmk 2.4.0 < 2.4.0p16

References

https://checkmk.com/werk/18982

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2025
Vulnerability Reserved
Aug 25, 2025

Credit

PS Positive Security GmbH

JSON