Sensitive Information Exposure in Checkmk by Checkmk GmbH
CVE-2025-1075
5.6 MEDIUM
Summary
Certain versions of Checkmk software by Checkmk GmbH have a vulnerability that may lead to sensitive LDAP credentials being mistakenly logged in the Apache error log files. This issue affects versions below 2.3.0p27, versions below 2.2.0p40, and version 2.1.0p51, which has reached end-of-life. Administrators with access to these log files may inadvertently expose sensitive information, increasing the risk of unauthorized access.
Affected Version(s)
Checkmk 2.3.0 < 2.3.0p27
Checkmk 2.2.0 < 2.2.0p40
Checkmk 2.1.0 <= 2.1.0p50
CVSS V4
Score: 5.6
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown