Local File Security Flaw in Checkmk Affects Sensitive Monitoring Data
CVE-2025-64996

4.8 MEDIUM

Key Information:

Status
Vendor
CVE Published: 18 November 2025

What is CVE-2025-64996?

The mk_inotify plugin in Checkmk, in versions prior to 2.4.0p16 and 2.3.0p41, creates files with incorrect permissions: they are both world-readable and world-writable. Any local user on the system can therefore read the plugin's output from these files and modify them. This can lead to unauthorized viewing or alteration of sensitive monitoring data, putting system integrity and data confidentiality at risk.

Affected Version(s)

Checkmk 2.4.0 < 2.4.0p16

Checkmk 2.3.0 < 2.3.0p41

Checkmk 2.2.0

CVSS V4

Score: 4.8
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
