CVE-2025-65000
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-18

Last updated on: 2025-12-23

Assigner: Checkmk GmbH

Description
SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-18
Last Modified
2025-12-23
Generated
2026-06-16
AI Q&A
2025-12-18
EPSS Evaluated
2026-06-14
NVD
CVE-2025-65000
Affected Vendors & Products
Showing 74 associated CPEs
Vendor Product Version / Range
checkmk checkmk 2.2.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.3.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
checkmk checkmk 2.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-212 The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the exposure of SSH private keys in the HTML source code of the "Remote alert handlers (Linux)" rule page in Checkmk versions 2.4.0p18 and 2.3.0. An attacker who obtains these keys could potentially trigger predefined alert handlers on hosts where these handlers are deployed. However, the impact is limited because the authorized_keys file restricts which alert handlers can be executed with the key, preventing broader unauthorized access. [1]

Impact Analysis

If exploited, this vulnerability could allow an attacker to trigger predefined alert handlers on affected hosts without proper authorization. This could lead to unauthorized execution of alert handling actions, potentially disrupting monitoring or alerting processes. However, the scope of this impact is limited due to restrictions in the authorized_keys file that control which handlers can be triggered. [1]

Detection Guidance

You can detect this vulnerability by checking if the SSH private keys related to the Remote alert handlers (Linux) rule are exposed in the HTML source of the rule configuration page in your Checkmk installation. Additionally, verify if the alert handler SSH key is present in the authorized_keys file on affected hosts. Commands to assist detection include: 1) Using a web browser or curl to view the HTML source of the rule page and searching for SSH private keys, e.g., `curl -s https://your-checkmk-server/path-to-rule-page | grep 'PRIVATE KEY'`. 2) On hosts, check for the alert handler key in the authorized_keys file, e.g., `grep 'alert-handler-key' ~/.ssh/authorized_keys`. These steps help identify exposure and unauthorized keys related to this vulnerability. [1]

Mitigation Strategies

Immediate mitigation steps include: 1) Updating Checkmk to version 2.5.0b1 or later, where the issue is fixed with no manual intervention needed. 2) If updating is not possible immediately, deactivate the Remote alert handlers (Linux) rule in your Checkmk configuration. 3) Roll out updated agents to hosts. 4) Verify and remove the alert handler SSH private key from the authorized_keys file on affected hosts to prevent unauthorized triggering of alert handlers. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65000. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart