CVE-2025-32918 Information

Description

Improper neutralization of Livestatus command delimiters in the autocomplete endpoint of the REST API in Checkmk versions <2.4.0p6, <2.3.0p35, <2.2.0p44, and 2.1.0 (EOL) allows an authenticated user to inject arbitrary Livestatus commands.

Reference

https://checkmk.com/werk/17987

CNNVD-202507-391 (Published: 2025-07-04)
