CVE-2024-13723

CVE-2024-13723: Checkmk NagVis Remote Code Execution

Vendor Checkmk
Product NagVis
Weakness CWE-434 · Unrestricted file upload
Published February 4, 2025
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.

Key dates

02Disclosure timeline

February 4, 2025 CVE published
November 3, 2025 Record updated