CVE-2025-39663

Summary

Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised remote site to inject malicious HTML code into service outputs in the central site. Affecting Checkmk before 2.4.0p14, 2.3.0p39, 2.2.0 and 2.1.0 (eol).

Affected Software

VendorProductVersion RangeStatus
Checkmk GmbHCheckmk2.4.0 < 2.4.0p14affected
Checkmk GmbHCheckmk2.3.0 < 2.3.0p39affected
Checkmk GmbHCheckmk2.2.0affected
Checkmk GmbHCheckmk2.1.0affected

Weaknesses

  • CWE-80: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References