CVE-2025-65000
Exposure of SSH Private Keys in Remote Alert Handlers (Linux) Rule
SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:L
Affected products
Checkmk GmbH · CheckmkWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://checkmk.com/werk/19030