Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames.
AnalysisAI
CVE-2025-39665 is a security vulnerability (CVSS 5.3) that allows an unauthenticated attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Technical ContextAI
Vulnerability type not specified by vendor.
RemediationAI
Apply the vendor-supplied patch immediately.
A vulnerability was found in NagVis up to 1.9.33 and classified as problematic.php. Rated high severity (CVSS 8.1), this
The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path trave
An issue was discovered in NagVis 1.9b12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable,
Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS. Rated medium severity (CVSS 6.1)
XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. Rated medium severit
Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS. Rated medium severity (CVSS 5.1)
Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection. Rated medium se
Same weakness CWE-203 – Observable Discrepancy
View allSame technique Information Disclosure
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| xenial | needs-triage | - |
| bionic | needs-triage | - |
| jammy | needs-triage | - |
| noble | needs-triage | - |
| questing | needs-triage | - |
| upstream | released | 1:1.9.48-1 |
| plucky | ignored | end of life, was needs-triage |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 1:1.9.25-2 | - |
| bullseye (security) | vulnerable | 1:1.9.25-2+deb11u2 | - |
| bookworm | vulnerable | 1:1.9.34-1 | - |
| trixie | vulnerable | 1:1.9.47-1 | - |
| forky, sid | fixed | 1:1.9.48-1 | - |
| (unstable) | fixed | 1:1.9.48-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-200737