CVE-2025-2596 - Vulnerability Details

Link	Providers
https://checkmk.com/werk/17808

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL)
Title		Session logout can be overwritten by long lasting request
Weaknesses		CWE-613
References		https://checkmk.com/werk/17808
Metrics		cvssV4_0 `{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2596", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "state": "PUBLISHED", "assignerShortName": "Checkmk", "dateReserved": "2025-03-21T10:07:46.468Z", "datePublished": "2025-03-26T10:51:16.285Z", "dateUpdated": "2025-03-26T17:36:08.128Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Checkmk", "vendor": "Checkmk GmbH", "versions": [{"lessThan": "2.4.0b2", "status": "affected", "version": "2.4.0", "versionType": "semver"}, {"lessThan": "2.3.0p30", "status": "affected", "version": "2.3.0", "versionType": "semver"}, {"lessThan": "2.2.0p41", "status": "affected", "version": "2.2.0", "versionType": "semver"}, {"lessThanOrEqual": "2.1.0p50", "status": "affected", "version": "2.1.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL)"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV4_0": {"baseScore": 2.3, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2025-03-26T10:51:16.285Z"}, "references": [{"url": "https://checkmk.com/werk/17808"}], "title": "Session logout can be overwritten by long lasting request"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-26T17:35:52.786112Z", "id": "CVE-2025-2596", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T17:36:08.128Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2025-2596 (string)

assignerOrgId : f7d6281c-4801-44ce-ace2-493291dedb0f (string)

state : PUBLISHED (string)

assignerShortName : Checkmk (string)

dateReserved : 2025-03-21T10:07:46.468Z (string)

datePublished : 2025-03-26T10:51:16.285Z (string)

dateUpdated : 2025-03-26T17:36:08.128Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unaffected (string)

product : Checkmk (string)

vendor : Checkmk GmbH (string)

versions : [ »

0 : { »

lessThan : 2.4.0b2 (string)

status : affected (string)

version : 2.4.0 (string)

versionType : semver (string)

}

1 : { »

lessThan : 2.3.0p30 (string)

status : affected (string)

version : 2.3.0 (string)

versionType : semver (string)

}

2 : { »

lessThan : 2.2.0p41 (string)

status : affected (string)

version : 2.2.0 (string)

versionType : semver (string)

}

3 : { »

lessThanOrEqual : 2.1.0p50 (string)

status : affected (string)

version : 2.1.0 (string)

versionType : semver (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL) (string)

}

]

impacts : [ »

0 : { »

capecId : CAPEC-180 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels (string)

}

]

}

]

metrics : [ »

0 : { »

cvssV4_0 : { »

baseScore : 2.3 (number)

baseSeverity : LOW (string)

vectorString : CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N (string)

version : 4.0 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-613 (string)

description : CWE-613 Insufficient Session Expiration (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : f7d6281c-4801-44ce-ace2-493291dedb0f (string)

shortName : Checkmk (string)

dateUpdated : 2025-03-26T10:51:16.285Z (string)

}

references : [ »

0 : { »

url : https://checkmk.com/werk/17808 (string)

}

]

title : Session logout can be overwritten by long lasting request (string)

}

adp : [ »

0 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-03-26T17:35:52.786112Z (string)

id : CVE-2025-2596 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-03-26T17:36:08.128Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2596", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-26T17:35:52.786112Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T17:36:03.032Z"}}], "cna": {"title": "Session logout can be overwritten by long lasting request", "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.3, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}], "affected": [{"vendor": "Checkmk GmbH", "product": "Checkmk", "versions": [{"status": "affected", "version": "2.4.0", "lessThan": "2.4.0b2", "versionType": "semver"}, {"status": "affected", "version": "2.3.0", "lessThan": "2.3.0p30", "versionType": "semver"}, {"status": "affected", "version": "2.2.0", "lessThan": "2.2.0p41", "versionType": "semver"}, {"status": "affected", "version": "2.1.0", "versionType": "semver", "lessThanOrEqual": "2.1.0p50"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://checkmk.com/werk/17808"}], "descriptions": [{"lang": "en", "value": "Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL)"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration"}]}], "providerMetadata": {"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "shortName": "Checkmk", "dateUpdated": "2025-03-26T10:51:16.285Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2596", "state": "PUBLISHED", "dateUpdated": "2025-03-26T17:36:08.128Z", "dateReserved": "2025-03-21T10:07:46.468Z", "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", "datePublished": "2025-03-26T10:51:16.285Z", "assignerShortName": "Checkmk"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2025-2596 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-03-26T17:35:52.786112Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-03-26T17:36:03.032Z (string)

}

]

cna : { »

title : Session logout can be overwritten by long lasting request (string)

impacts : [ »

0 : { »

capecId : CAPEC-180 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels (string)

}

]

}

]

metrics : [ »

0 : { »

cvssV4_0 : { »

version : 4.0 (string)

baseScore : 2.3 (number)

baseSeverity : LOW (string)

vectorString : CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N (string)

}

]

affected : [ »

0 : { »

vendor : Checkmk GmbH (string)

product : Checkmk (string)

versions : [ »

0 : { »

status : affected (string)

version : 2.4.0 (string)

lessThan : 2.4.0b2 (string)

versionType : semver (string)

}

1 : { »

status : affected (string)

version : 2.3.0 (string)

lessThan : 2.3.0p30 (string)

versionType : semver (string)

}

2 : { »

status : affected (string)

version : 2.2.0 (string)

lessThan : 2.2.0p41 (string)

versionType : semver (string)

}

3 : { »

status : affected (string)

version : 2.1.0 (string)

versionType : semver (string)

lessThanOrEqual : 2.1.0p50 (string)

}

]

defaultStatus : unaffected (string)

}

]

references : [ »

0 : { »

url : https://checkmk.com/werk/17808 (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL) (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-613 (string)

description : CWE-613 Insufficient Session Expiration (string)

}

]

}

]

providerMetadata : { »

orgId : f7d6281c-4801-44ce-ace2-493291dedb0f (string)

shortName : Checkmk (string)

dateUpdated : 2025-03-26T10:51:16.285Z (string)

}

cveMetadata : { »

cveId : CVE-2025-2596 (string)

state : PUBLISHED (string)

dateUpdated : 2025-03-26T17:36:08.128Z (string)

dateReserved : 2025-03-21T10:07:46.468Z (string)

assignerOrgId : f7d6281c-4801-44ce-ace2-493291dedb0f (string)

datePublished : 2025-03-26T10:51:16.285Z (string)

assignerShortName : Checkmk (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL)"}, {"lang": "es", "value": "El cierre de sesi\u00f3n podr\u00eda sobrescribirse en las versiones de Checkmk de Checkmk GmbH &lt;2.3.0p30, &lt;2.2.0p41 y 2.1.0p49 (EOL)"}], "id": "CVE-2025-2596", "lastModified": "2025-03-27T16:45:27.850", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@checkmk.com", "type": "Secondary"}]}, "published": "2025-03-26T11:15:39.183", "references": [{"source": "security@checkmk.com", "url": "https://checkmk.com/werk/17808"}], "sourceIdentifier": "security@checkmk.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "security@checkmk.com", "type": "Secondary"}]}

{

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL) (string)

}

1 : { »

lang : es (string)

value : El cierre de sesión podría sobrescribirse en las versiones de Checkmk de Checkmk GmbH <2.3.0p30, <2.2.0p41 y 2.1.0p49 (EOL) (string)

}

]

id : CVE-2025-2596 (string)

lastModified : 2025-03-27T16:45:27.850 (string)

metrics : { »

cvssMetricV40 : [ »

0 : { »

cvssData : { »

Automatable : NOT_DEFINED (string)

Recovery : NOT_DEFINED (string)

Safety : NOT_DEFINED (string)

attackComplexity : HIGH (string)

attackRequirements : PRESENT (string)

attackVector : NETWORK (string)

availabilityRequirement : NOT_DEFINED (string)

baseScore : 2.3 (number)

baseSeverity : LOW (string)

confidentialityRequirement : NOT_DEFINED (string)

exploitMaturity : NOT_DEFINED (string)

integrityRequirement : NOT_DEFINED (string)

modifiedAttackComplexity : NOT_DEFINED (string)

modifiedAttackRequirements : NOT_DEFINED (string)

modifiedAttackVector : NOT_DEFINED (string)

modifiedPrivilegesRequired : NOT_DEFINED (string)

modifiedSubAvailabilityImpact : NOT_DEFINED (string)

modifiedSubConfidentialityImpact : NOT_DEFINED (string)

modifiedSubIntegrityImpact : NOT_DEFINED (string)

modifiedUserInteraction : NOT_DEFINED (string)

modifiedVulnAvailabilityImpact : NOT_DEFINED (string)

modifiedVulnConfidentialityImpact : NOT_DEFINED (string)

modifiedVulnIntegrityImpact : NOT_DEFINED (string)

privilegesRequired : LOW (string)

providerUrgency : NOT_DEFINED (string)

subAvailabilityImpact : NONE (string)

subConfidentialityImpact : NONE (string)

subIntegrityImpact : NONE (string)

userInteraction : NONE (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (string)

version : 4.0 (string)

vulnAvailabilityImpact : NONE (string)

vulnConfidentialityImpact : NONE (string)

vulnIntegrityImpact : LOW (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

}

source : security@checkmk.com (string)

type : Secondary (string)

}

]

}

published : 2025-03-26T11:15:39.183 (string)

references : [ »

0 : { »

source : security@checkmk.com (string)

url : https://checkmk.com/werk/17808 (string)

}

]

sourceIdentifier : security@checkmk.com (string)

vulnStatus : Awaiting Analysis (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-613 (string)

}

]

source : security@checkmk.com (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object