CVE-2025-64998 in Checkmkinfo

Summary

Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies.

Responsible

Checkmk

Reservation

11/12/2025

Disclosure

03/24/2026

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
352717	Checkmk Session Cookie insufficiently protected credentials	522	Not defined	Official fix	CVE-2025-64998

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!