Checkmk Report Scheduler Path Traversal Vulnerability (CVE-2025-39664)

Key Information Vulnerability Details Vulnerability ID: Werk #17984 Title: Path-Traversal in report scheduler Date: Aug 13, 2025 Severity: Trivial Change Category: Security Fix Compatibility: Compatible - no manual interaction needed Affected Versions Checkmk versions & editions: - 2.4.0p13: Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME) - 2.3.0p38: Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME) - 2.2.0p46: Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME) Vulnerability Description Issue: Authenticated users could perform path traversal attacks on the site’s local file directories via the report scheduler. Cause: Insufficient macro escaping allowed attackers to exploit generated .mk files to overwrite existing .mk files. Impact Attackers may corrupt site configurations, but cannot bypass predefined fields; only usable for DoS or damaging affected sites. Acknowledgments Lisa Gnedt (SBA Research) reported this issue. Affected Versions 2.4.0 2.3.0 2.2.0 2.1.0 (EOL) Mitigation If updating is not possible, set the “Manage Own Scheduled Reports” and “Manage All Scheduled Reports” roles to “no” for non-admin users. Manually review all scheduled reports and remove any scheduled reports containing directory information. Indicators of Compromise Presence of .pdf/.mk report files pointing to identifiable affected paths. Vulnerability Management CVSS Score: 7.1 High CVE ID: CVE-2025-39664

Goal Reached Thanks to every supporter — we hit 100%!

Checkmk Report Scheduler Path Traversal Vulnerability (CVE-2025-39664)