{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "2.1.0" }, { "last_affected": "2.3.0" }, { "introduced": "0" }, { "last_affected": "2.4.0-NA" }, { "introduced": "0" }, { "last_affected": "2.4.0-b1" }, { "introduced": "0" }, { "last_affected": "2.4.0-b2" }, { "introduced": "0" }, { "last_affected": "2.4.0-b3" }, { "introduced": "0" }, { "last_affected": "2.4.0-b4" }, { "introduced": "0" }, { "last_affected": "2.4.0-b5" } ] }, "events": [ { "introduced": "6a686961c4b760c55a13cfdb61e7c02be832a0be" }, { "last_affected": "779a2941a075e1461b45407f715176524414b994" }, { "introduced": "0" }, { "last_affected": "4abde4a41de677e103561e4fb75b81f6ee8b80dd" }, { "introduced": "0" }, { "last_affected": "4807b162eabc6da5accf1391ddd4c35dc964f904" }, { "introduced": "0" }, { "last_affected": "ad0758a3c7d5c68ceb2b561cc099d5b0dcf84170" }, { "introduced": "0" }, { "last_affected": "a314c586cd7a3ebb27029427654d0bea50db5452" }, { "introduced": "0" }, { "last_affected": "cf744b214554060204275d22fad1dd92e8f61fa9" }, { "introduced": "0" }, { "last_affected": "241a54afaa485f507682f43e4ca5ed8c36c85c22" } ], "repo": "https://github.com/checkmk/checkmk", "type": "GIT" } ] } ], "details": "Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and \u003cCheckmk 2.4.0b6 allows attacker to access files that could contain secrets.", "id": "CVE-2025-3506", "modified": "2026-03-10T21:48:10.861751589Z", "published": "2025-05-08T12:15:17.833Z", "references": [ { "type": "ADVISORY", "url": "https://checkmk.com/werk/17348" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "type": "CVSS_V3" } ] }