CVE-2025-32916

Summary

Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4.0p13, <2.3.0p38, <2.2.0p46, and 2.1.0 (EOL) may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs.

Affected Software

VendorProductVersion RangeStatus
Checkmk GmbHCheckmk2.4.0 < 2.4.0p13affected
Checkmk GmbHCheckmk2.3.0 < 2.3.0p38affected
Checkmk GmbHCheckmk2.2.0 < 2.2.0p46affected
Checkmk GmbHCheckmk2.1.0affected

Weaknesses

  • CWE-598: CWE-598: Use of GET Request Method With Sensitive Query Strings

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References