Checkmk REST API Permission Vulnerability Allowing Unauthorized Actions and Information Access

Vulnerability

A vulnerability exists in Checkmk versions 2.2.0, 2.3.0, and 2.4.0 prior to 2.4.0p16, due to insufficient permission validation on several REST API endpoints. This flaw enables low-privileged users to execute unauthorized actions or access sensitive information. The vulnerability affects all editions of Checkmk in the default configuration.

Impact

Exploitation of this vulnerability allows low-privileged users to bypass permission restrictions, enabling them to perform unauthorized actions or access sensitive information through the affected REST API endpoints.

Remediation

Users can upgrade to Checkmk version 2.4.0p16 to address this vulnerability. This version is compatible with all Checkmk editions.

Added: Nov 18, 2025, 4:25 PM
Updated: Nov 18, 2025, 4:25 PM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 5.0
exploitability: 5.2
remediation: 7.7
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.