CVE-2025-39663
30.10.2025, 11:15
A Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised remote site to inject malicious HTML code into service outputs in the central site. This affects Checkmk before 2.4.0p14, 2.3.0p39, 2.2.0 and 2.1.0 (EOL).
| Vendor | Product | Version |
|---|---|---|
| checkmk | checkmk | 2.0.0 ≤ 𝑥 < 2.3.0 |
| checkmk | checkmk | 2.3.0 |
| checkmk | checkmk | 2.3.0:p1 |
| checkmk | checkmk | 2.3.0:p10 |
| checkmk | checkmk | 2.3.0:p11 |
| checkmk | checkmk | 2.3.0:p12 |
| checkmk | checkmk | 2.3.0:p13 |
| checkmk | checkmk | 2.3.0:p14 |
| checkmk | checkmk | 2.3.0:p15 |
| checkmk | checkmk | 2.3.0:p16 |
| checkmk | checkmk | 2.3.0:p17 |
| checkmk | checkmk | 2.3.0:p18 |
| checkmk | checkmk | 2.3.0:p19 |
| checkmk | checkmk | 2.3.0:p2 |
| checkmk | checkmk | 2.3.0:p20 |
| checkmk | checkmk | 2.3.0:p21 |
| checkmk | checkmk | 2.3.0:p22 |
| checkmk | checkmk | 2.3.0:p23 |
| checkmk | checkmk | 2.3.0:p24 |
| checkmk | checkmk | 2.3.0:p25 |
| checkmk | checkmk | 2.3.0:p26 |
| checkmk | checkmk | 2.3.0:p27 |
| checkmk | checkmk | 2.3.0:p28 |
| checkmk | checkmk | 2.3.0:p29 |
| checkmk | checkmk | 2.3.0:p3 |
| checkmk | checkmk | 2.3.0:p30 |
| checkmk | checkmk | 2.3.0:p31 |
| checkmk | checkmk | 2.3.0:p32 |
| checkmk | checkmk | 2.3.0:p33 |
| checkmk | checkmk | 2.3.0:p34 |
| checkmk | checkmk | 2.3.0:p35 |
| checkmk | checkmk | 2.3.0:p36 |
| checkmk | checkmk | 2.3.0:p37 |
| checkmk | checkmk | 2.3.0:p38 |
| checkmk | checkmk | 2.3.0:p4 |
| checkmk | checkmk | 2.3.0:p5 |
| checkmk | checkmk | 2.3.0:p6 |
| checkmk | checkmk | 2.3.0:p7 |
| checkmk | checkmk | 2.3.0:p8 |
| checkmk | checkmk | 2.3.0:p9 |
| checkmk | checkmk | 2.4.0 |
| checkmk | checkmk | 2.4.0:p1 |
| checkmk | checkmk | 2.4.0:p10 |
| checkmk | checkmk | 2.4.0:p11 |
| checkmk | checkmk | 2.4.0:p12 |
| checkmk | checkmk | 2.4.0:p13 |
| checkmk | checkmk | 2.4.0:p2 |
| checkmk | checkmk | 2.4.0:p3 |
| checkmk | checkmk | 2.4.0:p4 |
| checkmk | checkmk | 2.4.0:p5 |
| checkmk | checkmk | 2.4.0:p6 |
| checkmk | checkmk | 2.4.0:p7 |
| checkmk | checkmk | 2.4.0:p9 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.