Session Logout Vulnerability in Checkmk by Checkmk GmbH
CVE-2025-2596
2.3 LOW
Summary
A session management vulnerability exists in Checkmk products: the logout functionality can be manipulated, leading to unintended session persistence for users. This flaw affects versions of Checkmk prior to 2.3.0p30, as well as versions 2.2.0p41 and 2.1.0p49, the latter of which is now end-of-life. Users are at risk of having their sessions improperly managed if the logout process is compromised, potentially allowing unauthorized access to sensitive features and data.
Affected Version(s)
Checkmk 2.4.0 < 2.4.0b2
Checkmk 2.3.0 < 2.3.0p30
Checkmk 2.2.0 < 2.2.0p41
CVSS V4
Score: 2.3
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved