CVE-2025-64998

Session hijacking via exposed session signing secret in distributed Checkmk setups

CVSS 7.3 HIGHEPSS 0.3%CWE-522

Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies.

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

Checkmk GmbH · Checkmk

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://checkmk.com/werk/18954