{"id":"CVE-2025-3506","details":"Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and \u003cCheckmk 2.4.0b6 allows attacker to access files that could contain secrets.","modified":"2026-04-10T05:25:36.452111Z","published":"2025-05-08T12:15:17.833Z","references":[{"type":"ADVISORY","url":"https://checkmk.com/werk/17348"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/checkmk/checkmk","events":[{"introduced":"6a686961c4b760c55a13cfdb61e7c02be832a0be"},{"last_affected":"779a2941a075e1461b45407f715176524414b994"},{"introduced":"0"},{"last_affected":"4abde4a41de677e103561e4fb75b81f6ee8b80dd"},{"introduced":"0"},{"last_affected":"4807b162eabc6da5accf1391ddd4c35dc964f904"},{"introduced":"0"},{"last_affected":"ad0758a3c7d5c68ceb2b561cc099d5b0dcf84170"},{"introduced":"0"},{"last_affected":"a314c586cd7a3ebb27029427654d0bea50db5452"},{"introduced":"0"},{"last_affected":"cf744b214554060204275d22fad1dd92e8f61fa9"},{"introduced":"0"},{"last_affected":"241a54afaa485f507682f43e4ca5ed8c36c85c22"}],"database_specific":{"versions":[{"introduced":"2.1.0"},{"last_affected":"2.3.0"},{"introduced":"0"},{"last_affected":"2.4.0-NA"},{"introduced":"0"},{"last_affected":"2.4.0-b1"},{"introduced":"0"},{"last_affected":"2.4.0-b2"},{"introduced":"0"},{"last_affected":"2.4.0-b3"},{"introduced":"0"},{"last_affected":"2.4.0-b4"},{"introduced":"0"},{"last_affected":"2.4.0-b5"}]}}],"versions":["1.1.0beta17","v1.1.0","v1.1.10","v1.1.10b1","v1.1.10b2","v1.1.11i1","v1.1.11i2","v1.1.11i3","v1.1.13i2","v1.1.13i3","v1.1.2","v1.1.3","v1.1.4","v1.1.6","v1.1.6b2","v1.1.7i2","v1.1.7i3","v1.1.7i4","v1.1.7i5","v1.1.8","v1.1.8b1","v1.1.8b2","v1.1.8b3","v1.1.9i1","v1.1.9i3","v1.1.9i4","v1.1.9i5","v1.1.9i7","v1.1.9i8","v1.1.9i9","v1.2.0b2","v1.2.0b3","v1.2.0b4","v1.2.0p1","v1.2.1i5","v1.2.3i4","v1.2.3i5","v1.2.3i6","v1.2.5i1","v1.2.5i6","v1.4.0i1","v1.4.0i2","v1.4.0i3","v1.5.0i1","v1.5.0i2","v1.5.0i3","v1.6.0b1","v2.0.0i1","v2.3.0","v2.3.0-rc1","v2.3.0-rc2","v2.3.0-rc3","v2.3.0b1","v2.3.0b1-rc1","v2.3.0b1-rc2","v2.3.0b2","v2.3.0b2-rc1","v2.3.0b3","v2.3.0b3-rc1","v2.3.0b4-rc1","v2.3.0b4-rc2","v2.3.0b5","v2.3.0b5-rc1","v2.3.0b6-rc1","v2.4.0","v2.4.0-rc1","v2.4.0b1-rc1","v2.4.0b2-rc1","v2.4.0b3","v2.4.0b3-rc1","v2.4.0b4","v2.4.0b4-rc1","v2.4.0b5","v2.4.0b5-rc1","v2.4.0b6","v2.4.0b6-rc1","v2.4.0p1","v2.4.0p1-rc1","v2.4.0p1-rc2","v2.4.0p2","v2.4.0p2-rc1","v2.4.0p3","v2.4.0p3-rc1","v2.4.0p3-rc2","v2.4.0p4","v2.4.0p4-rc1","v2.4.0p5","v2.4.0p5-rc1","v2.4.0p5-rc2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3506.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}