CVE-2025-32918
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-08-22
Assigner: Checkmk GmbH
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| checkmk | checkmk | 2.1.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.2.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-140 | The product does not neutralize or incorrectly neutralizes delimiters. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper validation issue in the autocomplete endpoint of the Checkmk REST API. It allows an authenticated user to inject arbitrary Livestatus commands by exploiting improper neutralization of command delimiters. Essentially, crafted input can manipulate the Livestatus interface, potentially leading to unauthorized command execution within affected Checkmk versions. [1]
How can this vulnerability impact me? :
An attacker with authentication can inject arbitrary Livestatus commands, which may lead to unauthorized actions within the Checkmk system. The impact is considered medium severity with limited effects on confidentiality, integrity, and availability, but it could allow manipulation of monitoring data or system behavior through the injected commands. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade your Checkmk installation to a fixed version where the parameter validation in the autocomplete endpoint has been corrected. The fix is implemented in Werk #17987 and is compatible with affected versions, requiring no manual intervention beyond applying the update. [1]