VYPR
Get started
← All advisories
Medium severity5.0NVD Advisory· Published May 15, 2025· Updated Apr 15, 2026

CVE-2025-48024

CVE-2025-48024

Description

In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint.

Patches

5
36d78a9aa4ed
https://github.com/bluewave-labs/checkmatevia osv
7a855ef47adf
https://github.com/bluewave-labs/checkmatevia osv
91c2f7f0d510
https://github.com/bluewave-labs/checkmatevia osv
915a2b30b847
https://github.com/bluewave-labs/checkmatevia osv
1c02c15c049f
https://github.com/bluewave-labs/checkmatevia osv
PR #2227

Vulnerability mechanics

Synthesis attempt was rejected by the grounding validator. Re-run pending.

References

5

News mentions

0

No linked articles in our index yet.