Security Advisory
CVE-2025-64999
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a hosts check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link.