Cyber Resilience

CVE-2025-1075

Medium

Published: 19 February 2025

Published
19 February 2025
Modified
25 August 2025
KEV Added
Patch
CVSS Score v4 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0021 44.1th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1075 is a medium-severity Insertion of Sensitive Information into Log File (CWE-532) vulnerability in Checkmk Checkmk. Its CVSS base score is 5.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked at the 44.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AU-13 (Monitoring for Information Disclosure) and AU-9 (Protection of Audit Information).

Deeper analysis

CVE-2025-1075, published on 2025-02-19, is an insertion of sensitive information into a log file vulnerability (CWE-532) affecting Checkmk GmbH's Checkmk monitoring software in versions prior to 2.3.0p27, prior to 2.2.0p40, and 2.1.0p51 (end-of-life). The issue causes LDAP credentials to be written to the Apache error log file, which is accessible to administrators. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity primarily due to confidentiality impact.

The vulnerability can be exploited over the network by unauthenticated attackers requiring low complexity and no user interaction. Successful exploitation results in high confidentiality impact, enabling access to sensitive LDAP credentials stored in the Apache error log file on affected Checkmk installations.

Mitigation is addressed in the Checkmk advisory at https://checkmk.com/werk/17495, with patches available in Checkmk versions 2.3.0p27, 2.2.0p40, and recommendations for end-of-life version 2.1.0p51 users to upgrade.

EU & UK References

Vulnerability details

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Direct exposure of LDAP credentials in accessible Apache error log file enables credential access via unsecured files.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-39666Same product: Checkmk Checkmk
CVE-2026-24096Same product: Checkmk Checkmk
CVE-2026-33456Same product: Checkmk Checkmk
CVE-2026-24762Shared CWE-532
CVE-2024-7577Shared CWE-532
CVE-2026-34487Shared CWE-532
CVE-2026-27900Shared CWE-532
CVE-2025-30205Shared CWE-532
CVE-2026-23775Shared CWE-532
CVE-2026-25193Shared CWE-532

Affected Assets

checkmk
checkmk
2.1.0, 2.2.0, 2.3.0 · ≤ 2.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-11 requires systems to handle errors without revealing sensitive information like LDAP credentials in logs, directly preventing the insertion vulnerability.

prevent

AU-9 protects audit and log information from unauthorized access and modification, mitigating exposure of LDAP credentials even if logged in the Apache error file.

detect

AU-13 mandates monitoring for information disclosures, enabling detection of sensitive LDAP credentials written to accessible log files.

References