CVE-2025-39664

high-risk

Published 2025-10-09

Insufficient escaping in the report scheduler within Checkmk <2.4.0p13, <2.3.0p38, <2.2.0p46 and 2.1.0 (EOL) allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory.

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Checkmk

Affected Vendors

Checkmk

References (3)

Vendor Advisory https://checkmk.com/werk/17984

Exploit https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250730-01_C...

Exploit http://seclists.org/fulldisclosure/2025/Oct/7

/ 100

high-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 30/34 · Critical