{"id":"CVE-2025-39665","details":"User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames.","modified":"2025-12-21T06:43:33.412857Z","published":"2025-12-03T10:15:47.913Z","references":[{"type":"ADVISORY","url":"https://www.nagvis.org/downloads/changelog/1.9.48"},{"type":"FIX","url":"https://github.com/NagVis/nagvis/pull/411/commits/4acabcf9d5b2d26f390e760f59def8e163908d66"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nagvis/nagvis","events":[{"introduced":"0"},{"fixed":"e286fec137d7408aab912d73b86bba8495f57fc6"}]}],"versions":["nagvis-1.0.0","nagvis-1.1.0","nagvis-1.1.1","nagvis-1.1.2","nagvis-1.2.0","nagvis-1.2.1","nagvis-1.2.2","nagvis-1.3.0","nagvis-1.4.0","nagvis-1.4.1","nagvis-1.5.0","nagvis-1.5.1","nagvis-1.5.2","nagvis-1.5.3","nagvis-1.5.4","nagvis-1.5.5","nagvis-1.5b1","nagvis-1.5b2","nagvis-1.5b3","nagvis-1.5b4","nagvis-1.5rc1","nagvis-1.5rc2","nagvis-1.5rc3","nagvis-1.6.0","nagvis-1.6.1","nagvis-1.6.2","nagvis-1.6.3","nagvis-1.6.4","nagvis-1.6b1","nagvis-1.6b2","nagvis-1.6b3","nagvis-1.6rc1","nagvis-1.6rc2","nagvis-1.6rc3","nagvis-1.6rc4","nagvis-1.7.0","nagvis-1.7.1","nagvis-1.7.2","nagvis-1.7.3","nagvis-1.7.4","nagvis-1.7.5","nagvis-1.7.6","nagvis-1.7.7","nagvis-1.7.8","nagvis-1.7.9","nagvis-1.7b1","nagvis-1.7b2","nagvis-1.7b3","nagvis-1.8.0","nagvis-1.8b1","nagvis-1.8b2","nagvis-1.8b3","nagvis-1.8b4","nagvis-1.8b5","nagvis-1.8b6","nagvis-1.8b7","nagvis-1.8rc1","nagvis-1.8rc2","nagvis-1.8rc3","nagvis-1.9.0","nagvis-1.9.1","nagvis-1.9.10","nagvis-1.9.11","nagvis-1.9.12","nagvis-1.9.13","nagvis-1.9.14","nagvis-1.9.15","nagvis-1.9.16","nagvis-1.9.17","nagvis-1.9.18","nagvis-1.9.19","nagvis-1.9.2","nagvis-1.9.20","nagvis-1.9.21","nagvis-1.9.22","nagvis-1.9.23","nagvis-1.9.24","nagvis-1.9.25","nagvis-1.9.26","nagvis-1.9.27","nagvis-1.9.28","nagvis-1.9.29","nagvis-1.9.3","nagvis-1.9.30","nagvis-1.9.31","nagvis-1.9.32","nagvis-1.9.33","nagvis-1.9.34","nagvis-1.9.35","nagvis-1.9.36","nagvis-1.9.37","nagvis-1.9.38","nagvis-1.9.39","nagvis-1.9.4","nagvis-1.9.40","nagvis-1.9.41","nagvis-1.9.42","nagvis-1.9.43","nagvis-1.9.44","nagvis-1.9.45","nagvis-1.9.46","nagvis-1.9.47","nagvis-1.9.5","nagvis-1.9.6","nagvis-1.9.7","nagvis-1.9.8","nagvis-1.9.9","nagvis-1.9a1","nagvis-1.9b1","nagvis-1.9b10","nagvis-1.9b11","nagvis-1.9b12","nagvis-1.9b13","nagvis-1.9b14","nagvis-1.9b15","nagvis-1.9b16","nagvis-1.9b17","nagvis-1.9b18","nagvis-1.9b19","nagvis-1.9b2","nagvis-1.9b3","nagvis-1.9b4","nagvis-1.9b5","nagvis-1.9b6","nagvis-1.9b7","nagvis-1.9b8","nagvis-1.9b9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39665.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}