CVE-2025-64998

EUVD-2025-208958
Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
checkmkcheckmk
2.4.0 ≤
𝑥
≤ 2.4.0p22
checkmkcheckmk
2.3.0 ≤
𝑥
≤ 2.3.0p44
checkmkcheckmk
2.2.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
check-mk
bionic
needs-triage
jammy
dne
noble
dne
questing
dne
xenial
needs-triage
Common Weakness Enumeration
References
https://checkmk.com/werk/18954