CVE-2025-58122
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-18
Last updated on: 2025-11-24
Assigner: Checkmk GmbH
Description
Description
Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-280 | The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. |
