Vulnerability in Checkmk Gmbh
CVE-2025-32918
Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions <2.4.0p6, <2.3.0p35, <2.2.0p44, and 2.1.0 (EOL) allows an authenticated user to inject arbitrary Livestatus commands.
EPSS: 0.004 (57.7th percentile) — read the EPSS interpretation.
Affected products
- Checkmk Gmbh — versions 2.4.0, 2.3.0, 2.2.0