VYPR
Unrated severityNVD Advisory· Published Feb 26, 2026· Updated Apr 14, 2026

Cross-site scripting in HTML logs of Synthetic Monitoring test services

CVE-2025-64999

Description

Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Checkmk/Checkmkllm-fuzzy2 versions
    >=2.4.0 <2.4.0p22, >=2.3.0 <2.3.0p43+ 1 more
    • (no CPE)range: >=2.4.0 <2.4.0p22, >=2.3.0 <2.3.0p43
    • (no CPE)range: 2.4.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.