Sensitive Information Exposure in Checkmk by Checkmk GmbH
CVE-2025-32916

1LOW

Key Information:

Vendor: Checkmk Gmbh
Status: Checkmk
Vendor: CVE Published:; 9 October 2025

🔔 Create Checkmk Gmbh Vulnerability Alert

What is CVE-2025-32916?

The vulnerability allows the potential exposure of sensitive information through GET requests in specific versions of Checkmk. This issue arises when sensitive form data is inadvertently included in URL query parameters, which can subsequently be logged in locations such as browser history and web server logs. This poses a risk to users if the exposed information is accessed by unauthorized individuals.

Affected Version(s)

Checkmk 2.4.0 < 2.4.0p13

Checkmk 2.3.0 < 2.3.0p38

Checkmk 2.2.0 < 2.2.0p46

References

https://checkmk.com/werk/17105

CVSS V4

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2025
Vulnerability Reserved
Apr 14, 2025

JSON