CVE-2025-1075 MEDIUM

CVE-2025-1075: LDAP credentials logged to Apache error log

Vendor Checkmk Gmbh

Product Checkmk

Weakness CWE-532 · Sensitive info in logs

Published February 19, 2025

Last update November 13, 2025

View on NVD All CVEs

CVSS base score

5.6/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

What the vulnerability does

Description

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators.

Key dates

Disclosure timeline

February 19, 2025 CVE published

November 13, 2025 Record updated

Identifiers

CVE CVE-2025-1075

CWE CWE-532

CVSS 5.6 / MEDIUM

Affected versions

Vendor Checkmk Gmbh

Product Checkmk

Affected ≥ 2.3.0 and < 2.3.0p27

Vendor Checkmk Gmbh

Product Checkmk

Affected ≥ 2.2.0 and < 2.2.0p40

Vendor Checkmk Gmbh

Product Checkmk

Affected ≥ 2.1.0 and ≤ 2.1.0p50