Cyber Resilience

CVE-2024-47092

High · RCE

Published: 03 March 2025
Modified: 02 September 2025
KEV Added: none
Patch: available (check-mk-api 5.8.1)
CVSS Score (v4): 7.7
CVSS vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0016 (37.0th percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-47092 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Heinlein-Support Check Mk Python Api. Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 37.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-47092, published on 2025-03-03, is a critical vulnerability rated at CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) stemming from insecure deserialization (CWE-502) and improper certificate validation. It affects the Checkmk Exchange plugin check-mk-api in versions prior to 5.8.1, a component used within Checkmk monitoring environments for API interactions.

Remote attackers require only network access to exploit this vulnerability, with low attack complexity, no privileges, authentication, or user interaction needed. Successful exploitation enables high-impact consequences across confidentiality, integrity, and availability, allowing attackers to potentially execute arbitrary code or fully compromise affected systems.

Advisories recommend updating the check-mk-api plugin to version 5.8.1 or later for mitigation. A specific fix is implemented in the GitHub commit b5a2a7529e3367d7a643e66f05da4f2a27013904 from the HeinleinSupport/check_mk_extensions repository, with further details available on the Checkmk Exchange plugin page.

Vulnerability details

Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Insecure deserialization in a network-accessible API plugin directly enables unauthenticated remote code execution on a public-facing monitoring service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-13770 (shared CWE-502)
CVE-2026-27303 (shared CWE-502)
CVE-2025-53586 (shared CWE-502)
CVE-2025-64353 (shared CWE-502)
CVE-2025-31047 (shared CWE-502)
CVE-2026-27096 (shared CWE-502)
CVE-2023-49886 (shared CWE-502)
CVE-2026-23542 (shared CWE-502)
CVE-2025-66631 (shared CWE-502)
CVE-2026-40044 (shared CWE-502)

Affected Assets

heinlein-support: check mk python api, versions ≤ 5.8.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI)

SI-10 Information Input Validation (prevent)

Directly mitigates insecure deserialization by requiring validation of all inputs prior to processing, preventing arbitrary code execution from untrusted data.

SC-17 Public Key Infrastructure Certificates (prevent)

Ensures proper certificate validation in PKI communications, addressing the improper certificate validation flaw in the check-mk-api plugin.

Flaw remediation (prevent)

Requires timely flaw remediation through patching, directly countering the vulnerability fixed in check-mk-api version 5.8.1.
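Added illustration, not code from the check-mk-api plugin or from HeinleinSupport: the two weakness classes this record names, CWE-502 deserialization of untrusted data and improper certificate validation, shown in Python as a weak pattern beside the hardened form that the input-validation and PKI controls above call for. The payloads, key names and function names are constructed for the example; the plugin's actual code paths are not on this page and are not reproduced here.

```python
import decimal
import io
import json
import pickle
import ssl

# Constructed sample payloads (not captured traffic): a harmless status record,
# and a Decimal whose pickle must resolve the module global decimal.Decimal.
STATUS_BLOB = pickle.dumps({"host": "srv1", "state": 0})
DECIMAL_BLOB = pickle.dumps(decimal.Decimal("1.5"))


def load_untrusted_pickle(blob):
    """Weak pattern (CWE-502): pickle.loads on network data lets the sender
    choose which module globals are resolved and called during unpickling."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Hardening: only a fixed allow-list of builtins may be reconstructed;
    any other module global is refused before it can be instantiated."""
    ALLOWED = {("builtins", n) for n in ("dict", "list", "set", "str", "int", "float", "bool")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def load_restricted_pickle(blob):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def pickle_is_accepted(blob):
    """True when the restricted loader accepts the payload, False when it refuses."""
    try:
        load_restricted_pickle(blob)
        return True
    except pickle.UnpicklingError:
        return False


# Better still: a data-only format plus a shape check before use (the SI-10 idea).
ALLOWED_KEYS = {"host", "state", "output"}   # constructed schema for the example


def parse_status_message(text):
    """json.loads can only yield dicts, lists, strings, numbers, bools and None,
    never a callable; the shape is still validated before the data is used."""
    data = json.loads(text)
    if not isinstance(data, dict):
        raise ValueError("expected a JSON object")
    unknown = set(data) - ALLOWED_KEYS
    if unknown:
        raise ValueError(f"unexpected keys: {sorted(unknown)}")
    if data.get("state") not in (0, 1, 2, 3):
        raise ValueError("state must be a Checkmk service state 0..3")
    return data


def weak_tls_context():
    """Improper certificate validation: chain verification and hostname
    matching disabled, so any certificate the peer presents is accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # must be cleared before CERT_NONE can be set
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_tls_context(ca_bundle=None):
    """Verify the chain against the system store (or a pinned CA bundle),
    match the hostname and refuse legacy TLS versions (the SC-17 idea)."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_verifies_peer(ctx):
    """The one-line check to apply to any client context: both flags on."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


if __name__ == "__main__":
    print("restricted loader accepts status record:", pickle_is_accepted(STATUS_BLOB))
    print("restricted loader accepts Decimal pickle:", pickle_is_accepted(DECIMAL_BLOB))
    print("weak context verifies peer:", context_verifies_peer(weak_tls_context()))
    print("hardened context verifies peer:", context_verifies_peer(hardened_tls_context()))
```

The restricted unpickler follows the pattern in the Python `pickle` documentation; it is a containment measure, and the JSON path is the preferable fix because the format itself cannot express a call. For the TLS side, `context_verifies_peer` is the check worth running in a review of any client that talks to a monitoring API.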

References