CVE-2025-48024

In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint.

Published Date :

Last Modified :

Source :

The following products are affected by CVE-2025-48024 vulnerability.

No data.

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-48024.

URL	Resource
https://github.com/bluewave-labs/Checkmate/commit/36d78a9aa4ed607ca1bd2b5fdaca5a3927b2d287
https://github.com/bluewave-labs/Checkmate/commit/7a855ef47adf2265121c236097059c7c6555fd7c
https://github.com/bluewave-labs/Checkmate/commit/91c2f7f0d5106bdfd4a0ff2c14b7e44acc3baee6
https://github.com/bluewave-labs/Checkmate/pull/2227
https://github.com/bluewave-labs/Checkmate/security/advisories/GHSA-jjmg-cjr4-439m

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact