← back
CVE-2025-32916

Sensitive form data in URL query parameters

CVSS 1 LOWEPSS 0.2%CWE-598
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 1EPSS 0.2%KEV nãoPoC Patch
Lifecycle
09 Oct 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4.0p13, <2.3.0p38, <2.2.0p46, and 2.1.0 (EOL) may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs.
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
Affected products
Checkmk GmbH · Checkmk

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://checkmk.com/werk/17105