High severity7.2NVD Advisory· Published Feb 4, 2025· Updated Apr 15, 2026

CVE-2024-13723

Description

The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2025/Feb/4nvd
www.openwall.com/lists/oss-security/2025/02/04/4nvd
checkmk.com/werksnvd
korelogic.com/Resources/Advisories/KL-001-2025-002.txtnvd
lists.debian.org/debian-lts-announce/2025/05/msg00000.htmlnvd
www.nagvis.org/downloads/changelog/1.9.42nvd

News mentions

No linked articles in our index yet.

cvss	0.468
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000