Session Hijacking Vulnerability in Checkmk by tribe29
CVE-2025-64998

7.3HIGH

Key Information:

Vendor: Checkmk Gmbh
Status: Checkmk
Vendor: CVE Published:; 24 March 2026

🔔 Create Checkmk Gmbh Vulnerability Alert

What is CVE-2025-64998?

A security flaw exists in Checkmk, where an exposure of the session signing secret allows an administrator from a remote site with config sync enabled to manipulate and hijack sessions on the central site by forging session cookies. This vulnerability poses a significant risk, enabling unauthorized access to sensitive information.

Affected Version(s)

Checkmk 2.4.0 < 2.4.0p23

Checkmk 2.3.0 < 2.3.0p45

Checkmk 2.2.0

References

https://checkmk.com/werk/18954

vendor-advisory

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2026
Vulnerability Reserved
Nov 12, 2025

Credit

Lisa Gnedt (SBA Research)

CVE-2025-64998 Data

JSON