CVE-2025-3506

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-3506
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3506.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-3506
Downstream
Published
2025-05-08T12:15:17.833Z
Modified
2026-04-10T05:25:36.452111Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and <Checkmk 2.4.0b6 allows attacker to access files that could contain secrets.

References

Affected packages

Git / github.com/checkmk/checkmk

Affected ranges

Type
GIT
Repo
https://github.com/checkmk/checkmk
Events
Introduced
6a686961c4b760c55a13cfdb61e7c02be832a0be
Last affected
779a2941a075e1461b45407f715176524414b994
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4abde4a41de677e103561e4fb75b81f6ee8b80dd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4807b162eabc6da5accf1391ddd4c35dc964f904
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ad0758a3c7d5c68ceb2b561cc099d5b0dcf84170
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a314c586cd7a3ebb27029427654d0bea50db5452
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
cf744b214554060204275d22fad1dd92e8f61fa9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
241a54afaa485f507682f43e4ca5ed8c36c85c22
Database specific 
{
    "versions": [
        {
            "introduced": "2.1.0"
        },
        {
            "last_affected": "2.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0-b1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0-b2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0-b3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0-b4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0-b5"
        }
    ]
}

Affected versions

1.*
1.1.0beta17
v1.*
v1.1.0
v1.1.10
v1.1.10b1
v1.1.10b2
v1.1.11i1
v1.1.11i2
v1.1.11i3
v1.1.13i2
v1.1.13i3
v1.1.2
v1.1.3
v1.1.4
v1.1.6
v1.1.6b2
v1.1.7i2
v1.1.7i3
v1.1.7i4
v1.1.7i5
v1.1.8
v1.1.8b1
v1.1.8b2
v1.1.8b3
v1.1.9i1
v1.1.9i3
v1.1.9i4
v1.1.9i5
v1.1.9i7
v1.1.9i8
v1.1.9i9
v1.2.0b2
v1.2.0b3
v1.2.0b4
v1.2.0p1
v1.2.1i5
v1.2.3i4
v1.2.3i5
v1.2.3i6
v1.2.5i1
v1.2.5i6
v1.4.0i1
v1.4.0i2
v1.4.0i3
v1.5.0i1
v1.5.0i2
v1.5.0i3
v1.6.0b1
v2.*
v2.0.0i1
v2.3.0
v2.3.0-rc1
v2.3.0-rc2
v2.3.0-rc3
v2.3.0b1
v2.3.0b1-rc1
v2.3.0b1-rc2
v2.3.0b2
v2.3.0b2-rc1
v2.3.0b3
v2.3.0b3-rc1
v2.3.0b4-rc1
v2.3.0b4-rc2
v2.3.0b5
v2.3.0b5-rc1
v2.3.0b6-rc1
v2.4.0
v2.4.0-rc1
v2.4.0b1-rc1
v2.4.0b2-rc1
v2.4.0b3
v2.4.0b3-rc1
v2.4.0b4
v2.4.0b4-rc1
v2.4.0b5
v2.4.0b5-rc1
v2.4.0b6
v2.4.0b6-rc1
v2.4.0p1
v2.4.0p1-rc1
v2.4.0p1-rc2
v2.4.0p2
v2.4.0p2-rc1
v2.4.0p3
v2.4.0p3-rc1
v2.4.0p3-rc2
v2.4.0p4
v2.4.0p4-rc1
v2.4.0p5
v2.4.0p5-rc1
v2.4.0p5-rc2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3506.json"