CVE-2025-65000
published 2025-12-18
CVE-2025-65000: SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk…
Priority P428 | medium | 5.3 | CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
EPSS: 0.18% (8.0th percentile)
SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| checkmk | checkmk | — | — |
| checkmk | checkmk | — | — |
| checkmk | checkmk | — | — |
| checkmk_gmbh | checkmk | — | — |
| checkmk_gmbh | checkmk | >= 2.4.0 < 2.4.0p18 | 2.4.0p18 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v4.0 | 2.3 | LOW | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| osv | — | 2.3 | LOW | — |
GHSA
GHSA-5393-2v6g-pgwc: SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2
ghsa_unreviewed·2025-12-18
CVE-2025-65000 [LOW] CWE-212 GHSA-5393-2v6g-pgwc: SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2
OSV
CVE-2025-65000: SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2
osv·2025-12-18·CVSS 2.3
CVE-2025-65000 [LOW] CVE-2025-65000: SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-12-18