CVE-2025-3506 | THREATINT

Description

Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets.

PUBLISHED Reserved 2025-04-10 | Published 2025-05-08 | Updated 2025-05-08 | Assigner Checkmk

MEDIUM: 6.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Problem types

CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

Product status

Default status

unaffected

2.4.0 (semver) before 2.4.0b6

affected

2.3.0 (semver)

affected

2.2.0 (semver)

affected

2.1.0 (semver)

affected

Credits

Norman Kühnberger (IT Südwestfalen GmbH) reporter

References

checkmk.com/werk/17348

cve.org (CVE-2025-3506)

nvd.nist.gov (CVE-2025-3506)

Download JSON