Checkmk Argument Injection Vulnerability Allowing Arbitrary File Write

Vulnerability

An argument injection vulnerability has been identified in Checkmk versions through 2.4.0p1, 2.3.0p32, 2.2.0p42, and 2.1.0. This vulnerability allows authenticated attackers to write arbitrary files by injecting arguments into the command line of certain checks and special agents. The injected option '--vcrtrace' could be used to dump HTTP traffic into a file specified by the parameter, without any path validation.
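The mechanism described above, as an added example that is not Checkmk code: a configured value that begins with '--vcrtrace' is parsed as an option unless the caller validates it and ends option parsing with '--'. The parser, the 'targets' and '--timeout' arguments, the allow-list pattern and the sample values are assumptions made for illustration; only the option name '--vcrtrace' comes from the advisory.

```python
import argparse
import re

# Constructed allow-list for target values: hostname-like strings only.
SAFE_VALUE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._:-]*")

def agent_parser() -> argparse.ArgumentParser:
    """Hypothetical special-agent CLI; only --vcrtrace is taken from the advisory."""
    p = argparse.ArgumentParser(prog="agent_example")
    p.add_argument("--vcrtrace", metavar="FILE", default=None)  # trace file path
    p.add_argument("--timeout", type=int, default=10)
    p.add_argument("targets", nargs="+")
    return p

def build_argv_unsafe(timeout: int, targets: list[str]) -> list[str]:
    # "Before" form: configured values land where the parser still accepts options.
    return ["--timeout", str(timeout), *targets]

def build_argv_safe(timeout: int, targets: list[str]) -> list[str]:
    # Layer 1: reject anything that is not a plain value (a leading "-" never matches).
    for value in targets:
        if not SAFE_VALUE.fullmatch(value):
            raise ValueError(f"rejected option-like or malformed value: {value!r}")
    # Layer 2: "--" ends option parsing, so later tokens are always positional.
    return ["--timeout", str(timeout), "--", *targets]

def trace_file(argv: list[str]):
    """Return the trace path the agent would write to, or None."""
    return agent_parser().parse_args(argv).vcrtrace

# Constructed rule value as an authenticated user could configure it.
INJECTED = ["srv1.example", "--vcrtrace=/constructed/trace.out"]

if __name__ == "__main__":
    print("unsafe:", trace_file(build_argv_unsafe(10, INJECTED)))
    try:
        build_argv_safe(10, INJECTED)
    except ValueError as exc:
        print("safe:", exc)
    print("benign:", trace_file(build_argv_safe(10, ["srv1.example"])))
```

Either layer alone stops the injected option in this sketch; using both means a gap in the allow-list does not reopen option parsing.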

Impact

Exploitation of this vulnerability could lead to unauthorized file writing, potentially allowing for further exploitation or information disclosure.

Remediation

Users can upgrade to Checkmk versions 2.5.0b1 or 2.4.0p1 to address this vulnerability. Instructions for upgrading can be found on the Checkmk website.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 4.4
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.