Unrated severityNVD Advisory· Published Feb 26, 2026· Updated Apr 14, 2026
Cross-site scripting in HTML logs of Synthetic Monitoring test services
CVE-2025-64999
Description
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- checkmk.com/werk/19238mitrevendor-advisory
- github.com/sbaresearch/advisories/tree/e72ce9bb6b9ffffc1fc35e4d8152ad153293c851/2025/SBA-ADV-20251118-01_Checkmk_Cross_Site_Scriptingmitrethird-party-advisory
News mentions
0No linked articles in our index yet.