Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions <2.4.0p6, <2.3.0p35, <2.2.0p44, and 2.1.0 (EOL) allows an authenticated user to inject arbitrary Livestatus commands.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://checkmk.com/werk/17987 |
Configurations
No configuration.
History
04 Jul 2025, 08:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-07-04 08:15
Updated : 2025-07-04 08:15
NVD link : CVE-2025-32918
Mitre link : CVE-2025-32918
CVE.ORG link : CVE-2025-32918
JSON object : View
Products Affected
No product.
CWE
CWE-140
Improper Neutralization of Delimiters