VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 30, 2025· Updated Nov 7, 2025

Cross Site Scripting through compromised remote site

CVE-2025-39663

Description

Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised remote site to inject malicious HTML code into service outputs in the central site. Affecting Checkmk before 2.4.0p14, 2.3.0p39, 2.2.0 and 2.1.0 (eol).

Affected products

2
  • Checkmk/Checkmkllm-fuzzy2 versions
    before 2.4.0p14, 2.3.0p39, 2.2.0 and 2.1.0+ 1 more
    • (no CPE)range: before 2.4.0p14, 2.3.0p39, 2.2.0 and 2.1.0
    • (no CPE)range: 2.4.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.