Vulnerability Details CVE-2025-64999
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.3%
CVSS Severity
CVSS v3 Score 5.4
References