CVE-2025-64996

Overly broad file permissions in the mk_inotify plugin allows reading and manipulating the plugin's output

CVSS 4.8 MEDIUMEPSS 0.1%CWE-732

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4.8EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

18 Nov 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mk_inotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification of monitoring data.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N

Affected products

Checkmk GmbH · Checkmk

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://checkmk.com/werk/18570