Sensitive Information Exposure in Checkmk by Checkmk GmbH
CVE-2025-2092
7.1 HIGH
Summary
A significant vulnerability in Checkmk by Checkmk GmbH allows sensitive authentication secrets to be inadvertently written to log files. In the affected versions, remote site authentication credentials become accessible to administrators, potentially leading to unauthorized access or data leaks. Administrators must take prompt action to secure their systems and upgrade to fixed versions to mitigate this risk.
Affected Version(s)
Checkmk 2.3.0 < 2.3.0p29
Checkmk 2.2.0 < 2.2.0p41
Checkmk 2.1.0 <= 2.1.0p49
References
CVSS V4
Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved