Vulnerability Details CVE-2025-39664
Insufficient escaping in the report scheduler within Checkmk <2.4.0p13, <2.3.0p38, <2.2.0p46 and 2.1.0 (EOL) allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.9%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2025-39664
-
cpe:2.3:a:checkmk:checkmk:2.1.0
-
cpe:2.3:a:checkmk:checkmk:2.2.0
-
cpe:2.3:a:checkmk:checkmk:2.3.0
-
cpe:2.3:a:checkmk:checkmk:2.4.0