Insufficient Permission Validation in Checkmk Affects User Data Access
CVE-2025-64997

6.3 MEDIUM

Key Information:

CVE Published: 18 December 2025

What is CVE-2025-64997?

A security vulnerability in Checkmk allows low-privileged users to bypass permission controls and access sensitive agent information through the REST API. The flaw affects Checkmk versions prior to 2.4.0p17 and 2.3.0p42 and risks information disclosure that could compromise system integrity. Users are advised to upgrade to the latest versions to mitigate this risk.

Affected Version(s)

Checkmk 2.4.0 < 2.4.0p17

Checkmk 2.3.0 < 2.3.0p42

CVSS V4

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

PS Positive Security GmbH