Vulnerability-Lookup

CVE-2025-39664 (GCVE-0-2025-39664)

Vulnerability from cvelistv5 – Published: 2025-10-09 15:01 – Updated: 2025-11-03 17:42

Title

Path-Traversal in report scheduler

Summary

Insufficient escaping in the report scheduler within Checkmk <2.4.0p13, <2.3.0p38, <2.2.0p46 and 2.1.0 (EOL) allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory.

Severity ?

7.1 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

Checkmk

References

URL

Tags

	https://checkmk.com/werk/17984	vendor-advisory
	https://github.com/sbaresearch/advisories/tree/pu…	third-party-advisory

Impacted products

	Vendor	Product	Version
	Checkmk GmbH	Checkmk	Affected: 2.4.0 , < 2.4.0p13 (semver) Affected: 2.3.0 , < 2.3.0p38 (semver) Affected: 2.2.0 , < 2.2.0p46 (semver) Affected: 2.1.0 (semver)

Credits

Lisa Gnedt (SBA Research)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-39664",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-09T15:11:29.421831Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-14T14:16:32.333Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:42:07.064Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2025/Oct/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Checkmk",
          "vendor": "Checkmk GmbH",
          "versions": [
            {
              "lessThan": "2.4.0p13",
              "status": "affected",
              "version": "2.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.3.0p38",
              "status": "affected",
              "version": "2.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.2.0p46",
              "status": "affected",
              "version": "2.2.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "2.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Lisa Gnedt (SBA Research)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient escaping in the report scheduler within Checkmk \u003c2.4.0p13, \u003c2.3.0p38, \u003c2.2.0p46 and 2.1.0 (EOL) allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-165",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-165 File Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-13T14:25:22.212Z",
        "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
        "shortName": "Checkmk"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://checkmk.com/werk/17984"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250730-01_Checkmk_Path_Traversal"
        }
      ],
      "title": "Path-Traversal in report scheduler"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
    "assignerShortName": "Checkmk",
    "cveId": "CVE-2025-39664",
    "datePublished": "2025-10-09T15:01:55.877Z",
    "dateReserved": "2025-04-16T07:07:38.256Z",
    "dateUpdated": "2025-11-03T17:42:07.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://seclists.org/fulldisclosure/2025/Oct/7\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T17:42:07.064Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-39664\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-09T15:11:29.421831Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-09T15:11:32.693Z\"}}], \"cna\": {\"title\": \"Path-Traversal in report scheduler\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Lisa Gnedt (SBA Research)\"}], \"impacts\": [{\"capecId\": \"CAPEC-165\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-165 File Manipulation\"}]}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N\"}}], \"affected\": [{\"vendor\": \"Checkmk GmbH\", \"product\": \"Checkmk\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.4.0\", \"lessThan\": \"2.4.0p13\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.3.0\", \"lessThan\": \"2.3.0p38\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.2.0\", \"lessThan\": \"2.2.0p46\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"2.1.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://checkmk.com/werk/17984\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250730-01_Checkmk_Path_Traversal\", \"tags\": [\"third-party-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Insufficient escaping in the report scheduler within Checkmk \u003c2.4.0p13, \u003c2.3.0p38, \u003c2.2.0p46 and 2.1.0 (EOL) allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f7d6281c-4801-44ce-ace2-493291dedb0f\", \"shortName\": \"Checkmk\", \"dateUpdated\": \"2025-10-13T14:25:22.212Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-39664\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T17:42:07.064Z\", \"dateReserved\": \"2025-04-16T07:07:38.256Z\", \"assignerOrgId\": \"f7d6281c-4801-44ce-ace2-493291dedb0f\", \"datePublished\": \"2025-10-09T15:01:55.877Z\", \"assignerShortName\": \"Checkmk\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-WM22-3GHP-687P

Vulnerability from github – Published: 2025-10-09 15:31 – Updated: 2025-12-04 21:31

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.1 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-39664"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-09T15:16:06Z",
    "severity": "HIGH"
  },
  "details": "Insufficient escaping in the report scheduler within Checkmk \u003c2.4.0p13, \u003c2.3.0p38, \u003c2.2.0p46 and 2.1.0 (EOL) allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory.",
  "id": "GHSA-wm22-3ghp-687p",
  "modified": "2025-12-04T21:31:01Z",
  "published": "2025-10-09T15:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39664"
    },
    {
      "type": "WEB",
      "url": "https://checkmk.com/werk/17984"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250730-01_Checkmk_Path_Traversal"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Oct/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

FKIE_CVE-2025-39664

Vulnerability from fkie_nvd - Published: 2025-10-09 15:16 - Updated: 2025-12-04 20:37

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security@checkmk.com	https://checkmk.com/werk/17984	Vendor Advisory
security@checkmk.com	https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250730-01_Checkmk_Path_Traversal	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2025/Oct/7	Exploit, Mailing List, Third Party Advisory

Impacted products

Vendor	Product	Version
checkmk	checkmk	*
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.2.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.3.0
checkmk	checkmk	2.4.0
checkmk	checkmk	2.4.0
checkmk	checkmk	2.4.0
checkmk	checkmk	2.4.0
checkmk	checkmk	2.4.0
checkmk	checkmk	2.4.0
checkmk	checkmk	2.4.0
checkmk	checkmk	2.4.0
checkmk	checkmk	2.4.0
checkmk	checkmk	2.4.0
checkmk	checkmk	2.4.0
checkmk	checkmk	2.4.0
checkmk	checkmk	2.4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4491352C-E13B-45DF-AC48-50B27AE037BD",
              "versionEndExcluding": "2.2.0",
              "versionStartIncluding": "2.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "3FB7221E-BE9F-4529-8E07-8AD547FA3208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*",
              "matchCriteriaId": "30A074AD-9499-46E3-AB67-D6CEE3AA01C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*",
              "matchCriteriaId": "A8BD0240-A22B-4273-BD47-C35A8C12E127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*",
              "matchCriteriaId": "DAA5680F-1DD0-48AA-BB7F-15B27365F0FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*",
              "matchCriteriaId": "BC2F31CA-D4EB-44E6-9A09-5255D33F4A88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*",
              "matchCriteriaId": "CD80BD69-20C6-4E17-B165-98689179A5A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*",
              "matchCriteriaId": "7DE79896-EBE5-42F2-A126-2A871BBA1071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*",
              "matchCriteriaId": "51A44E69-EEA1-4B01-B7B3-5BF7B39819E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p18:*:*:*:*:*:*",
              "matchCriteriaId": "BCB65AEB-CF52-410B-92B1-2DCFB914FFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p19:*:*:*:*:*:*",
              "matchCriteriaId": "B7E17FA6-9011-489C-9FA9-368CA2D86FAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p21:*:*:*:*:*:*",
              "matchCriteriaId": "8735357F-16A7-4408-9DDD-1C6796BADBE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p22:*:*:*:*:*:*",
              "matchCriteriaId": "4505098C-0A2B-481E-A3DF-D6DF8EFA4DE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p23:*:*:*:*:*:*",
              "matchCriteriaId": "C12AFCCF-014E-4EEB-8F04-F1ACE182BA98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p24:*:*:*:*:*:*",
              "matchCriteriaId": "66B85557-D5EC-4AF4-B97A-D2B80A58B3B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p25:*:*:*:*:*:*",
              "matchCriteriaId": "233ECD21-FA72-43AF-8E4C-DAC27CC18F3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p26:*:*:*:*:*:*",
              "matchCriteriaId": "8B4DB8EE-C10A-4097-8E66-2932BAEB732E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p27:*:*:*:*:*:*",
              "matchCriteriaId": "8653402A-C5AA-4CB1-8742-A12CCBE59373",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p28:*:*:*:*:*:*",
              "matchCriteriaId": "77047A82-E6D5-4E84-9BEC-ACD2FDA91FAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p29:*:*:*:*:*:*",
              "matchCriteriaId": "2E44AE62-1746-410F-A28E-F8292E1F8D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "E2342E2D-58B0-43E7-8C01-DF4678520F39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p30:*:*:*:*:*:*",
              "matchCriteriaId": "B6C1AC39-5AE0-4FC8-93FF-966400B074F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p31:*:*:*:*:*:*",
              "matchCriteriaId": "68455233-52CD-44B8-8B02-D94BA84DA6A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p32:*:*:*:*:*:*",
              "matchCriteriaId": "1C95A313-7665-4877-B421-0D20E3D3D54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p33:*:*:*:*:*:*",
              "matchCriteriaId": "0AEF278D-D782-4A2B-B1B8-19A21D151AA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p34:*:*:*:*:*:*",
              "matchCriteriaId": "B027FE8B-1802-4449-A0CB-6D15F9634559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p35:*:*:*:*:*:*",
              "matchCriteriaId": "9B2BC55F-17AE-4BC4-824D-06BE9B15516C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p36:*:*:*:*:*:*",
              "matchCriteriaId": "1393F094-2D75-44CC-8783-4FDC7450D38E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p37:*:*:*:*:*:*",
              "matchCriteriaId": "C1294EAE-5CB5-422F-B4C6-3A81B06DE49A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p38:*:*:*:*:*:*",
              "matchCriteriaId": "2A347A18-7C59-40F5-8CBA-9F9A18B1E105",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p39:*:*:*:*:*:*",
              "matchCriteriaId": "442780BC-F984-47A3-9F5F-9A5049531C34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*",
              "matchCriteriaId": "1871B646-CA69-477F-B113-B901AC7B3934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p40:*:*:*:*:*:*",
              "matchCriteriaId": "768541E6-C94D-4B32-9144-18D81A1AE047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p41:*:*:*:*:*:*",
              "matchCriteriaId": "00793C7E-5C20-4696-B829-804CFA8690B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p42:*:*:*:*:*:*",
              "matchCriteriaId": "C03BBDDF-F96F-4A36-A7F5-7102A31EC606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p43:*:*:*:*:*:*",
              "matchCriteriaId": "92088ED6-F6A8-400A-B015-4F4E02D55ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p44:*:*:*:*:*:*",
              "matchCriteriaId": "AE5F4DD6-9473-4581-BD0E-1D916A7FEF85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p45:*:*:*:*:*:*",
              "matchCriteriaId": "6541E323-356B-4B9F-B646-950400122EB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*",
              "matchCriteriaId": "EEC65A72-CAE1-4E28-83EF-7ECAFE921BB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p6:*:*:*:*:*:*",
              "matchCriteriaId": "D8FDECBC-8213-495F-A932-C4310F7C1F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p7:*:*:*:*:*:*",
              "matchCriteriaId": "CB49BC95-6AA8-4F53-A3D6-E199BF756AAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p8:*:*:*:*:*:*",
              "matchCriteriaId": "050B6617-8FD4-47A6-BE4A-A52503A65812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.2.0:p9:*:*:*:*:*:*",
              "matchCriteriaId": "4CA0FEC5-7036-47AF-A341-873B6C324B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "83202950-840A-4CB7-AD96-CE62E84FABD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "310A2FA2-633A-48FB-A5C2-9A9A922E72E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p10:*:*:*:*:*:*",
              "matchCriteriaId": "3C0F1DC8-D9DF-4A7A-80DC-618FAB091375",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p11:*:*:*:*:*:*",
              "matchCriteriaId": "9B0A1E3E-1B5A-4346-95BC-DE6FF6EE14CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p12:*:*:*:*:*:*",
              "matchCriteriaId": "EB52B2A7-BDC1-4A4F-ABAF-69C1BA8E83C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p13:*:*:*:*:*:*",
              "matchCriteriaId": "9F89225F-6969-4D89-B889-9CB09972825B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p14:*:*:*:*:*:*",
              "matchCriteriaId": "2A1B23EA-4571-4E4E-80BC-FD76FFD83FFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p15:*:*:*:*:*:*",
              "matchCriteriaId": "625A6998-5DAE-4538-9760-20523CCE501F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p16:*:*:*:*:*:*",
              "matchCriteriaId": "6EFD4461-2C37-418F-90AD-3A956B2D91C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p17:*:*:*:*:*:*",
              "matchCriteriaId": "88523633-844C-41FE-ADF1-74D6AA2BCE6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p18:*:*:*:*:*:*",
              "matchCriteriaId": "5DA03E01-06D1-4E18-9C7B-CB6E49E5954B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p19:*:*:*:*:*:*",
              "matchCriteriaId": "91F171B6-7F9A-4B9B-B53D-277FE74124F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p2:*:*:*:*:*:*",
              "matchCriteriaId": "7D1993E3-C4F9-4D78-BD02-A0B22D93BF1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p20:*:*:*:*:*:*",
              "matchCriteriaId": "34FF7D09-2129-4266-BF71-5424DC9E18B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p21:*:*:*:*:*:*",
              "matchCriteriaId": "246F0BA5-F927-4204-97F3-51870072599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p22:*:*:*:*:*:*",
              "matchCriteriaId": "86ED47B6-58FB-4BAC-9C87-F7BC08AB3870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p23:*:*:*:*:*:*",
              "matchCriteriaId": "2CFF173A-373B-4948-BD22-86C031B58E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p24:*:*:*:*:*:*",
              "matchCriteriaId": "90648825-55F7-472A-944E-7E5C787FAFB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p25:*:*:*:*:*:*",
              "matchCriteriaId": "6EE2BA6D-737A-4EEB-B8A2-91E9C61B70C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p26:*:*:*:*:*:*",
              "matchCriteriaId": "94FA8F05-267D-4B24-9AA3-A77FAD259310",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p27:*:*:*:*:*:*",
              "matchCriteriaId": "085B463B-633A-447A-B61C-99DD78B49A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p28:*:*:*:*:*:*",
              "matchCriteriaId": "F5DB112B-EE65-4BAB-AED8-716E618FD89C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p29:*:*:*:*:*:*",
              "matchCriteriaId": "CD9EDBC8-A6A7-4348-8446-1D1DDDACDC51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B28A0C9D-072A-413C-8587-CD57CB918190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p30:*:*:*:*:*:*",
              "matchCriteriaId": "CB0E10D1-2497-4CAE-ABA5-9F861C6A65DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p31:*:*:*:*:*:*",
              "matchCriteriaId": "9E64A46A-A1E2-4272-A7B8-36140AF2B889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p32:*:*:*:*:*:*",
              "matchCriteriaId": "28568D2A-CA5B-42C2-8A32-FF783CB7A06F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p33:*:*:*:*:*:*",
              "matchCriteriaId": "F82F8827-B7B2-4C10-A42A-77781BC7B24B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p34:*:*:*:*:*:*",
              "matchCriteriaId": "F641BB83-8A0D-42D0-AB3E-7314918FDC9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p35:*:*:*:*:*:*",
              "matchCriteriaId": "FCCE61D4-00B1-4D83-8FAE-8F2FA8F48E2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p36:*:*:*:*:*:*",
              "matchCriteriaId": "FDB9628A-5A72-4DD5-9D4A-CBE13B0CFDF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p37:*:*:*:*:*:*",
              "matchCriteriaId": "E34FEBB1-0935-4363-B4FE-45901BFC9A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p4:*:*:*:*:*:*",
              "matchCriteriaId": "DF22D0A7-82B1-4598-B8C5-BDFE523D07F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p5:*:*:*:*:*:*",
              "matchCriteriaId": "20035AFB-75B4-4164-9833-A2FCAE24B577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p6:*:*:*:*:*:*",
              "matchCriteriaId": "8BCBACEB-7130-455D-B4BE-243053C116DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p7:*:*:*:*:*:*",
              "matchCriteriaId": "156384E2-E04B-4153-A91F-3F307C9FEAE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p8:*:*:*:*:*:*",
              "matchCriteriaId": "EEC0ED95-F43B-46D7-9AA0-A0FB1C32EF1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:p9:*:*:*:*:*:*",
              "matchCriteriaId": "91C194C1-5292-4E2A-BB71-9C5CD3CE6194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "022C075A-4B04-4141-A7D7-F93C9A7CE0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "1CFE68AB-1F57-497C-9229-29ED3A73D87F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p10:*:*:*:*:*:*",
              "matchCriteriaId": "577F9F72-2FDA-4F87-A840-05158F2368B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p11:*:*:*:*:*:*",
              "matchCriteriaId": "6F3AD894-660B-41FC-B910-899A764A00B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p12:*:*:*:*:*:*",
              "matchCriteriaId": "21853BB4-1BB5-40E3-82E2-253899D898ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p2:*:*:*:*:*:*",
              "matchCriteriaId": "B11306B4-1092-470C-BA87-DBD02A18A74B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "74F78C48-030A-48A1-B69E-04C4EA5CCC12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p4:*:*:*:*:*:*",
              "matchCriteriaId": "8701A914-774B-4E3B-A651-4A9FD19A187A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p5:*:*:*:*:*:*",
              "matchCriteriaId": "19E40054-C44D-4C4C-B077-0333D8201E5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p6:*:*:*:*:*:*",
              "matchCriteriaId": "0E2D2F49-32B2-42AA-B99E-7C39403CF104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p7:*:*:*:*:*:*",
              "matchCriteriaId": "ACE440F8-EBF5-4DBB-A215-57D770C66219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p8:*:*:*:*:*:*",
              "matchCriteriaId": "1A94395D-DDCE-4977-89CA-46F71C3CA2B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkmk:checkmk:2.4.0:p9:*:*:*:*:*:*",
              "matchCriteriaId": "9513876C-8DF0-4A59-864F-8401BAA43376",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient escaping in the report scheduler within Checkmk \u003c2.4.0p13, \u003c2.3.0p38, \u003c2.2.0p46 and 2.1.0 (EOL) allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory."
    }
  ],
  "id": "CVE-2025-39664",
  "lastModified": "2025-12-04T20:37:25.413",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security@checkmk.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-10-09T15:16:06.363",
  "references": [
    {
      "source": "security@checkmk.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://checkmk.com/werk/17984"
    },
    {
      "source": "security@checkmk.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250730-01_Checkmk_Path_Traversal"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2025/Oct/7"
    }
  ],
  "sourceIdentifier": "security@checkmk.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security@checkmk.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-39664 (GCVE-0-2025-39664)

GHSA-WM22-3GHP-687P

FKIE_CVE-2025-39664

Tags

Sightings

Nomenclature