CVE-2025-1712

HIGH

Checkmk <2.4.0p1,<2.3.0p32,<2.2.0p42,2.1.0 - Command Injection

Title source: llm

Description

Argument injection in special agent configuration in Checkmk <2.4.0p1, <2.3.0p32, <2.2.0p42 and 2.1.0 allows authenticated attackers to write arbitrary files

References (1)

[Vendor Advisory] https://checkmk.com/werk/17996

Scores

CVSS v3 8.8

EPSS 0.0032

EPSS Percentile 54.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-88

Status published

Products (1)

checkmk/checkmk 2.2.0 (50 CPE variants)

Published May 21, 2025

Tracked Since Feb 18, 2026