CVE-2025-3506

Published: May 8, 2025Modified: Aug 25, 2025

6.3

Vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: security@checkmk.com (Secondary)

Description

Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets.

Affected (7)

Products: Checkmk: Checkmk

Checkmk

1 product

Checkmk

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Checkmk Checkmk	From 2.1.0 to 2.3.0
Checkmk Checkmk	Version 2.4.0
Checkmk Checkmk	Version 2.4.0 b1
Checkmk Checkmk	Version 2.4.0 b2
Checkmk Checkmk	Version 2.4.0 b3
Checkmk Checkmk	Version 2.4.0 b4
Checkmk Checkmk	Version 2.4.0 b5

Related CWEs

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

References (1)

https://checkmk.com/werk/17348

Source: security@checkmk.com

Vendor Advisory

Timeline

No history available yet.