cvedb.io
CVE-2025-64996
MEDIUM · CVSS 4.4
EPSS exploitation probability: 0%
Published 2025-11-18T16:15:46.563 · Last modified 2026-06-17T09:55:19.137

Summary

In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mk_inotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification of monitoring data.

Affected products

checkmk — checkmk

Does this affect you?

Add your gear to cvedb and we'll alert you only when checkmk ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.