CVE-2025-32916
published 2025-10-09CVE-2025-32916: Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4.0p13, <2.3.0p38, <2.2.0p46, and 2.1.0 (EOL) may cause sensitive…
PriorityP420medium4.3CVSS 3.1
AVNACLPRNUIRSUCLINAN
EPSS
0.18%
7.2th percentile
Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4.0p13, <2.3.0p38, <2.2.0p46, and 2.1.0 (EOL) may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| checkmk | checkmk | — | — |
| checkmk | checkmk | — | — |
| checkmk | checkmk | — | — |
| checkmk | checkmk | >= 2.1.0 < 2.2.0 | 2.2.0 |
| checkmk_gmbh | checkmk | — | — |
| checkmk_gmbh | checkmk | >= 2.2.0 < 2.2.0p46 | 2.2.0p46 |
| checkmk_gmbh | checkmk | >= 2.3.0 < 2.3.0p38 | 2.3.0p38 |
| checkmk_gmbh | checkmk | >= 2.4.0 < 2.4.0p13 | 2.4.0p13 |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvdv4.01.0LOWCVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv1.0LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pr6f-5c62-pj5r: Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2
ghsa_unreviewed·2025-10-09
CVE-2025-32916 [LOW] CWE-598 GHSA-pr6f-5c62-pj5r: Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2
Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4.0p13, <2.3.0p38, <2.2.0p46, and 2.1.0 (EOL) may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs.
OSV
CVE-2025-32916: Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2
osv·2025-10-09·CVSS 1.0
CVE-2025-32916 [LOW] CVE-2025-32916: Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2
Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4.0p13, <2.3.0p38, <2.2.0p46, and 2.1.0 (EOL) may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-10-09
Published