CVE-2025-58122 MEDIUM

CVE-2025-58122: Insufficient permission validation when configuring notification parameters

Vendor Checkmk GmbH
Product Checkmk
Weakness CWE-280
Published November 18, 2025
Last update November 18, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.

Key dates

02 Disclosure timeline

November 18, 2025 CVE published
November 18, 2025 Record updated