CVE-2025-2596: Session logout can be overwritten by long lasting request
First published: Wed Mar 26 2025(Updated: )
Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL)
Credit: security@checkmk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Checkmk | <2.3.0p30<2.2.0p41 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2596?
CVE-2025-2596 has a medium severity level as it allows session logout to be overwritten.
How do I fix CVE-2025-2596?
To fix CVE-2025-2596, upgrade to Checkmk versions 2.3.0p30 or later, 2.2.0p41 or later, or 2.1.0p49 or later.
Which versions of Checkmk are affected by CVE-2025-2596?
CVE-2025-2596 affects Checkmk versions prior to 2.3.0p30, 2.2.0p41, and 2.1.0p49.
What kind of attacks can exploit CVE-2025-2596?
Attackers can exploit CVE-2025-2596 to maintain a session after a user intends to log out, potentially leading to unauthorized access.
Is there a workaround for CVE-2025-2596?
Currently, the recommended action for CVE-2025-2596 is to update to the secure versions, as no official workaround is provided.
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/title
- agent/references
- agent/author
- agent/description
- agent/source
- agent/type
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/checkmk gmbh
- canonical/checkmk