CVE-2025-65000 - Vulnerability Details - OpenCVE

SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Checkmk	Checkmk

No data.

No data.

No data.

References

Link	Providers
https://checkmk.com/werk/19030

History

Thu, 18 Dec 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 18 Dec 2025 14:15:00 +0000

Type	Values Removed	Values Added
Description		SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed.
Title		Exposure of SSH Private Keys in Remote Alert Handlers (Linux) Rule
First Time appeared		Checkmk Checkmk checkmk
Weaknesses		CWE-212
CPEs		cpe:2.3:a:checkmk:checkmk:::::::: cpe:2.3:a:checkmk:checkmk:2.3.0:::::::*
Vendors & Products		Checkmk Checkmk checkmk
References		https://checkmk.com/werk/19030
Metrics		cvssV4_0 `{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:L'}`

MITRE

Status: PUBLISHED

Assigner: Checkmk

Published: 2025-12-18T14:04:12.809Z

Updated: 2025-12-18T15:28:51.856Z

Reserved: 2025-11-12T09:16:24.095Z

Link: CVE-2025-65000

Vulnrichment

Updated: 2025-12-18T15:28:43.968Z

NVD

Status : Awaiting Analysis

Published: 2025-12-18T14:15:59.947

Modified: 2025-12-18T15:07:18.427

Link: CVE-2025-65000

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-65000", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "state": "PUBLISHED", "assignerShortName": "Checkmk", "dateReserved": "2025-11-12T09:16:24.095Z", "datePublished": "2025-12-18T14:04:12.809Z", "dateUpdated": "2025-12-18T15:28:51.856Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [{"lessThan": "2.4.0p18", "status": "affected", "version": "2.4.0", "versionType": "semver"}, {"status": "affected", "version": "2.3.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "SSH private keys of the \"Remote alert handlers (Linux)\" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37: Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV4_0": {"baseScore": 2.3, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:L", "version": "4.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-212", "description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2025-12-18T14:04:12.809Z"}, "references": [{"url": "https://checkmk.com/werk/19030"}], "title": "Exposure of SSH Private Keys in Remote Alert Handlers (Linux) Rule", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.4.0", "versionEndExcluding": "2.4.0p18"}, {"vulnerable": true, "criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:*:*:*:*:*:*:*"}]}]}], "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-18T15:28:17.768735Z", "id": "CVE-2025-65000", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-18T15:28:51.856Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-65000", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-18T15:28:17.768735Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-18T15:28:43.968Z"}}], "cna": {"title": "Exposure of SSH Private Keys in Remote Alert Handlers (Linux) Rule", "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37: Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.3, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:L"}}], "affected": [{"vendor": "Checkmk GmbH", "product": "Checkmk", "versions": [{"status": "affected", "version": "2.4.0", "lessThan": "2.4.0p18", "versionType": "semver"}, {"status": "affected", "version": "2.3.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://checkmk.com/werk/19030"}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "SSH private keys of the \"Remote alert handlers (Linux)\" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-212", "description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.4.0p18", "versionStartIncluding": "2.4.0"}, {"criteria": "cpe:2.3:a:checkmk:checkmk:2.3.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2025-12-18T14:04:12.809Z"}}}, "cveMetadata": {"cveId": "CVE-2025-65000", "state": "PUBLISHED", "dateUpdated": "2025-12-18T15:28:51.856Z", "dateReserved": "2025-11-12T09:16:24.095Z", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "datePublished": "2025-12-18T14:04:12.809Z", "assignerShortName": "Checkmk"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SSH private keys of the \"Remote alert handlers (Linux)\" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed."}], "id": "CVE-2025-65000", "lastModified": "2025-12-18T15:07:18.427", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@checkmk.com", "type": "Secondary"}]}, "published": "2025-12-18T14:15:59.947", "references": [{"source": "security@checkmk.com", "url": "https://checkmk.com/werk/19030"}], "sourceIdentifier": "security@checkmk.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-212"}], "source": "security@checkmk.com", "type": "Secondary"}]}