Cyber Posture

CVE-2025-1075

High

Published: 19 February 2025

Published
19 February 2025
Modified
25 August 2025
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0021 43.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1075 is a high-severity Insertion of Sensitive Information into Log File (CWE-532) vulnerability in Checkmk Checkmk. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked at the 43.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AU-13 (Monitoring for Information Disclosure) and AU-9 (Protection of Audit Information).

Threat & Defense at a Glance

What attackers do: exploitation maps to Credentials In Files (T1552.001). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-11 Error Handling good match
prevent

SI-11 requires systems to handle errors without revealing sensitive information like LDAP credentials in logs, directly preventing the insertion vulnerability.

AU-9 Protection of Audit Information good match
prevent

AU-9 protects audit and log information from unauthorized access and modification, mitigating exposure of LDAP credentials even if logged in the Apache error file.

AU-13 Monitoring for Information Disclosure good match
detect

AU-13 mandates monitoring for information disclosures, enabling detection of sensitive LDAP credentials written to accessible log files.

MITRE ATT&CK Enterprise TechniquesAI

T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
attack.mitre.org →
Why these techniques?

Direct exposure of LDAP credentials in accessible Apache error log file enables credential access via unsecured files.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators.

Deeper analysisAI

CVE-2025-1075, published on 2025-02-19, is an insertion of sensitive information into a log file vulnerability (CWE-532) affecting Checkmk GmbH's Checkmk monitoring software in versions prior to 2.3.0p27, prior to 2.2.0p40, and 2.1.0p51 (end-of-life). The issue causes LDAP credentials to be written to the Apache error log file, which is accessible to administrators. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity primarily due to confidentiality impact.

The vulnerability can be exploited over the network by unauthenticated attackers requiring low complexity and no user interaction. Successful exploitation results in high confidentiality impact, enabling access to sensitive LDAP credentials stored in the Apache error log file on affected Checkmk installations.

Mitigation is addressed in the Checkmk advisory at https://checkmk.com/werk/17495, with patches available in Checkmk versions 2.3.0p27, 2.2.0p40, and recommendations for end-of-life version 2.1.0p51 users to upgrade.

Details

CWE(s)
CWE-532

Affected Products

checkmk
checkmk
2.1.0, 2.2.0, 2.3.0 · ≤ 2.1.0

CVEs Like This One

CVE-2026-24096Same product: Checkmk Checkmk
CVE-2026-33456Same product: Checkmk Checkmk
CVE-2025-39666Same product: Checkmk Checkmk
CVE-2024-7577Shared CWE-532
CVE-2026-27900Shared CWE-532
CVE-2026-23775Shared CWE-532
CVE-2026-34487Shared CWE-532
CVE-2026-24762Shared CWE-532
CVE-2025-30205Shared CWE-532
CVE-2026-28261Shared CWE-532

References