CVE-2025-2596 Session logout can be overwritten by long lasting request

🗓️ 26 Mar 2025 10:51:16Reported by CheckmkType

Session logout in Checkmk versions can be overwritten by long requests before specified updates.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-2596	26 Mar 202513:53	–	circl
CNNVD	Checkmk 安全漏洞	26 Mar 202500:00	–	cnnvd
CVE	CVE-2025-2596	26 Mar 202510:51	–	cve
EUVD	EUVD-2025-8123	3 Oct 202520:07	–	euvd
NVD	CVE-2025-2596	26 Mar 202511:15	–	nvd
OSV	UBUNTU-CVE-2025-2596	26 Mar 202511:15	–	osv
RedhatCVE	CVE-2025-2596	28 Mar 202511:37	–	redhatcve
UbuntuCve	CVE-2025-2596	26 Mar 202511:15	–	ubuntucve
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2025-2596	2 Sep 202500:00	–	nessus
Vulnrichment	CVE-2025-2596 Session logout can be overwritten by long lasting request	26 Mar 202510:51	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Checkmk",
    "vendor": "Checkmk GmbH",
    "versions": [
      {
        "lessThan": "2.4.0b2",
        "status": "affected",
        "version": "2.4.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.3.0p30",
        "status": "affected",
        "version": "2.3.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.2.0p41",
        "status": "affected",
        "version": "2.2.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "2.1.0p50",
        "status": "affected",
        "version": "2.1.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
checkmk	www.checkmk.com/werk/17808

26 Mar 2025 10:51Current

CVSS 42.3

EPSS0.00236

CWE-613