Checkmk Livestatus Command Injection Vulnerability in REST API Autocomplete Endpoint

Vulnerability

A command injection vulnerability has been identified in the autocomplete endpoint of the Checkmk REST API. This issue affects versions prior to 2.4.0p6, prior to 2.3.0p35, prior to 2.2.0p44, and 2.1.0 (EOL). The vulnerability allows authenticated users to inject arbitrary Livestatus commands by exploiting improper validation of command delimiters in the endpoint.
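Livestatus queries are line-oriented: each header is one line and a blank line terminates the request, so a user-supplied value that carries a line delimiter can start a header of its own. The following is an added example, not Checkmk's code and not the actual endpoint or its patch; it shows the vulnerable interpolation pattern beside a hardened builder that rejects delimiters before a value is embedded in a query. The table, column and query shape are constructed for illustration.

```python
"""Rejecting Livestatus line delimiters in user-supplied autocomplete input.

Constructed example: not Checkmk's code and not a reproduction of the patched
endpoint. It demonstrates the mitigation class the advisory points at:
validating command delimiters before embedding a value in a line-oriented
query language.
"""

# Livestatus (LQL) separates headers with newlines and ends a request with a
# blank line, so CR/LF (and NUL) inside a value must never reach the query.
FORBIDDEN = {"\n", "\r", "\0"}


class LivestatusValueError(ValueError):
    """Raised when a value would break out of its LQL header line."""


def is_safe_livestatus_value(value: str) -> bool:
    """True if the value contains no Livestatus line delimiter."""
    return not (FORBIDDEN & set(value))


def validate_livestatus_value(value: str) -> str:
    """Return the value unchanged, or raise if it contains a delimiter."""
    if not is_safe_livestatus_value(value):
        bad = sorted(FORBIDDEN & set(value))
        raise LivestatusValueError(
            "value contains Livestatus delimiter(s): %r" % bad)
    return value


def build_unsafe_query(table: str, column: str, prefix: str) -> str:
    """Vulnerable pattern: the prefix is interpolated without validation."""
    return "GET %s\nColumns: %s\nFilter: %s ~~ ^%s\n\n" % (
        table, column, column, prefix)


def build_autocomplete_query(table: str, column: str, prefix: str) -> str:
    """Hardened pattern: identifiers are checked and the prefix is validated
    before interpolation, so the query always has exactly the headers the
    code intended."""
    for part in (table, column):
        # Table and column names come from application code, never from the
        # caller; a plain identifier check keeps them on one line as well.
        if not part.isidentifier():
            raise LivestatusValueError("bad identifier: %r" % part)
    safe_prefix = validate_livestatus_value(prefix)
    return "GET %s\nColumns: %s\nFilter: %s ~~ ^%s\n\n" % (
        table, column, column, safe_prefix)


def count_header_lines(query: str) -> int:
    """Number of LQL header lines the server would parse (terminator excluded).

    Useful as a defensive self-check: a builder that expects three headers
    and produces more has been fed a delimiter."""
    return len([line for line in query.split("\n") if line])


if __name__ == "__main__":
    # Constructed inputs: a benign prefix and one carrying a newline.
    print(build_autocomplete_query("hosts", "name", "web"))
    for candidate in ("web", "web\nExtra: line"):
        print(repr(candidate), "safe:", is_safe_livestatus_value(candidate))
```

The unsafe builder turns a prefix containing a newline into an extra header line, which is what "improper validation of command delimiters" amounts to in practice; the hardened builder refuses such a value up front rather than trying to escape it, since LQL offers no escaping for line breaks inside a header.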

Impact

Exploitation of this vulnerability allows for unauthorized injection of Livestatus commands by authenticated users, potentially leading to unauthorized actions or data manipulation within Checkmk.

Remediation

Users can upgrade to Checkmk versions 2.4.0p6, 2.3.0p35, 2.2.0p44, or the upcoming 2.5.0b1 to address this vulnerability.

Added: Jul 4, 2025, 8:21 AM
Updated: Jul 4, 2025, 8:21 AM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 5.0
exploitability: 5.2
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.