CVE-2025-65000
MEDIUM
Description
SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| checkmk | checkmk |
References
Advisories & Patches
Related Vulnerabilities
kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used …
Grype is a vulnerability scanner for container images and filesystems. A credential disclosure vulnerability was found in Grype, affecting versions …
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to …
A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or …
In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data.
OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, …