Security Advisory

CVE-2025-64999

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-26 10:26:00
Last updated 2026-04-14 14:28:26
Assigner Checkmk
State PUBLISHED

Description

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a hosts check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link.