Sensitive Information Exposure in Checkmk by Checkmk GmbH
CVE-2025-2092

7.1HIGH

Key Information:

Vendor: Checkmk Gmbh
Status: Checkmk
Vendor: CVE Published:; 22 April 2025

🔔 Create Checkmk Gmbh Vulnerability Alert

What is CVE-2025-2092?

A significant vulnerability in Checkmk by Checkmk GmbH allows sensitive authentication secrets to be inadvertently written to log files. This issue affects specific versions of Checkmk, where remote site authentication credentials become accessible to administrators, potentially leading to unauthorized access or data leaks. Administrators must take prompt action to secure their systems and upgrade to fixed versions to mitigate this risk.

Affected Version(s)

Checkmk 2.3.0 < 2.3.0p29

Checkmk 2.2.0 < 2.2.0p41

Checkmk 2.1.0 <= 2.1.0p49

References

https://checkmk.com/werk/17780

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2025
Vulnerability Reserved
Mar 7, 2025