CVE-2025-58122
Severity CVSS v4.0:
MEDIUM
Type:
Unavailable / Other
Publication date:
18/11/2025
Last modified:
24/11/2025
Description
Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.
Impact
Base Score 4.0
5.30
Severity 4.0
MEDIUM
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:checkmk:checkmk:2.4.0:-:*:*:*:*:*:* | ||
| cpe:2.3:a:checkmk:checkmk:2.4.0:b1:*:*:*:*:*:* | ||
| cpe:2.3:a:checkmk:checkmk:2.4.0:b2:*:*:*:*:*:* | ||
| cpe:2.3:a:checkmk:checkmk:2.4.0:b3:*:*:*:*:*:* | ||
| cpe:2.3:a:checkmk:checkmk:2.4.0:b4:*:*:*:*:*:* | ||
| cpe:2.3:a:checkmk:checkmk:2.4.0:b5:*:*:*:*:*:* | ||
| cpe:2.3:a:checkmk:checkmk:2.4.0:b6:*:*:*:*:*:* | ||
| cpe:2.3:a:checkmk:checkmk:2.4.0:p1:*:*:*:*:*:* | ||
| cpe:2.3:a:checkmk:checkmk:2.4.0:p10:*:*:*:*:*:* | ||
| cpe:2.3:a:checkmk:checkmk:2.4.0:p11:*:*:*:*:*:* | ||
| cpe:2.3:a:checkmk:checkmk:2.4.0:p12:*:*:*:*:*:* | ||
| cpe:2.3:a:checkmk:checkmk:2.4.0:p13:*:*:*:*:*:* | ||
| cpe:2.3:a:checkmk:checkmk:2.4.0:p14:*:*:*:*:*:* | ||
| cpe:2.3:a:checkmk:checkmk:2.4.0:p15:*:*:*:*:*:* | ||
| cpe:2.3:a:checkmk:checkmk:2.4.0:p2:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page