CVE-2025-39664

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-39664

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39664.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-39664

Downstream

UBUNTU-CVE-2025-39664

Published

2025-10-09T15:16:06.363Z

Modified

2025-12-06T07:01:18.903329Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Insufficient escaping in the report scheduler within Checkmk <2.4.0p13, <2.3.0p38, <2.2.0p46 and 2.1.0 (EOL) allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory.

References

Affected packages

Git / github.com/checkmk/checkmk

Affected ranges

Type: GIT
Repo: https://github.com/checkmk/checkmk
Events: Introduced

6a686961c4b760c55a13cfdb61e7c02be832a0be

Fixed

d6049cd2d82eba3842b30c305912b9e946842463

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39664.json"