Exposure of Sensitive System Information to an Unauthorized Control Sphere Affecting checkov package, versions [,3.2.449)

Q: How to fix?

Upgrade checkov to version 3.2.449 or higher.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-PYTHON-CHECKOV-11800951
published14 Aug 2025
disclosed13 Aug 2025
creditShashank Chaurasia

Report a new vulnerability Found a mistake?

Introduced: 13 Aug 2025

NewCVE-2025-2181 (opens in a new tab) CWE-497 (opens in a new tab)

How to fix?

Upgrade checkov to version 3.2.449 or higher.

Overview

checkov is an Infrastructure as code static analysis

Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere when cloning external modules from private registries. An attacker can obtain sensitive access keys by reviewing the cleartext data present in the output.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
Present
Privileges Required (PR)
None
User Interaction (UI)
Passive

Confidentiality (VC)
High
Integrity (VI)
None
Availability (VA)
None

Confidentiality (SC)
Low
Integrity (SI)
Low
Availability (SA)
Low