CVE-2024-13723
Publication date 4 February 2025
Last updated 26 August 2025
Ubuntu priority
Description
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| check-mk | 25.10 questing | Not in release |
| 25.04 plucky | Not in release | |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| nagvis | 25.10 questing |
Not affected
|
| 25.04 plucky |
Not affected
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.2 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | High |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2024-13723
- https://www.openwall.com/lists/oss-security/2025/02/04/4
- http://seclists.org/fulldisclosure/2025/Feb/4
- http://www.openwall.com/lists/oss-security/2025/02/04/4
- https://checkmk.com/werks?version=2.3.0p10
- https://korelogic.com/Resources/Advisories/KL-001-2025-002.txt
- https://www.nagvis.org/downloads/changelog/1.9.42