Platform: linux
Component: checkmk
Fixed in: 2.5.4, 2.3.0p46, 2.4.0p25, 2.5.0b3
CVE-2025-39666 is a privilege escalation vulnerability discovered in Checkmk. This flaw allows a site user to escalate their privileges to root by manipulating files processed during execution of the omd administrative command, which is typically run as root. The vulnerability affects Checkmk versions 2.2.0 (EOL), 2.3.0 before 2.3.0p46, 2.4.0 before 2.4.0p25, and 2.5.0 (beta) before 2.5.0b3. A fix is available in version 2.5.0b3.
Successful exploitation of CVE-2025-39666 allows a site user, a user with limited privileges within the Checkmk environment, to escalate their privileges to root. This grants the attacker complete control over the affected system, including the ability to install malware, access sensitive data, and modify system configurations. The attack involves manipulating files processed during the execution of the omd command, which runs with root privileges. Given Checkmk's role in monitoring critical infrastructure, a successful root compromise could lead to widespread disruption and data breaches. This vulnerability highlights the importance of secure file handling practices and timely patching in monitoring systems.
CVE-2025-39666 was published on 2026-04-07. The vulnerability's exploitation probability is currently pending evaluation. No proof-of-concept (PoC) code has been publicly released as of this writing. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting Checkmk.
Organizations using Checkmk for monitoring, particularly those with multiple site users and less restrictive file permissions, are at risk. Environments where the omd command is frequently used or accessible to a wide range of users are especially vulnerable. Legacy Checkmk installations running older, unsupported versions are also at increased risk.
• linux / server (site_user is a placeholder for the site user's account name):
find /omd/sites/*/ -type f -user site_user -perm -u=w -print0 | xargs -0 ls -l
• linux / server:
journalctl -u checkmk_agent -g 'omd command' | grep -i error
• linux / server:
ps aux | grep -i omd
EPSS: 0.02% (4th percentile)
The primary mitigation for CVE-2025-39666 is to upgrade Checkmk to version 2.5.0b3 or later. If an immediate upgrade is not feasible, consider restricting access to the omd command and implementing stricter file permissions within the site context to limit the attacker's ability to manipulate files. Regularly review and audit file access logs for suspicious activity. While a direct workaround isn't available, limiting the scope of the omd command's execution can reduce the potential impact. After upgrading, confirm the fix by attempting to execute the omd command as a site user and verifying that privilege escalation is prevented.
Upgrade Checkmk to version 2.5.4 or later to mitigate the vulnerability. The update corrects how files are processed in the site context, preventing privilege escalation. See the release notes for detailed upgrade instructions.
CVE-2025-39666 is a vulnerability in Checkmk allowing a site user to gain root privileges by manipulating files processed by the omd command. It affects versions 2.2.0–2.5.0b3.
You are affected if you are running Checkmk versions 2.2.0 (EOL), 2.3.0 before 2.3.0p46, 2.4.0 before 2.4.0p25, or 2.5.0 (beta) before 2.5.0b3.
Upgrade Checkmk to version 2.5.0b3 or later. As a temporary workaround, restrict access to the omd command and review files processed by it.
There is currently no indication of active exploitation.
Refer to the official Checkmk security advisory for details and updates.
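To check installed versions against the affected ranges stated above, the following added example (not Checkmk's or this page's own code) classifies version strings. It assumes that within a branch beta (b) sorts before the plain release and patch (p) after it, that an optional three-letter edition suffix such as .cre may follow, and that the input has one version per line as `omd versions` prints it; daily-build strings are rejected.

```python
import re

# Fixed releases per branch, taken from the affected ranges stated above.
FIXED = {(2, 3, 0): "2.3.0p46", (2, 4, 0): "2.4.0p25", (2, 5, 0): "2.5.0b3"}
EOL_AFFECTED = {(2, 2, 0)}  # 2.2.0 is EOL; no fixed release is given for it

# Assumed ordering inside one branch: beta (b) < plain release < patch (p).
_STAGE = {"b": 0, "": 1, "p": 2}
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:([bp])(\d+))?(?:\.[a-z]{3})?$")


def parse(version):
    """Return (branch, (stage, number)) for '2.4.0p25' or '2.3.0p12.cre'."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Checkmk version: {version!r}")
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    return branch, (_STAGE[m.group(4) or ""], int(m.group(5) or 0))


def status(version):
    """Classify a version as 'affected', 'fixed' or 'not-listed'."""
    branch, rank = parse(version)
    if branch in EOL_AFFECTED:
        return "affected"
    if branch not in FIXED:
        return "not-listed"  # the ranges above say nothing about this branch
    return "fixed" if rank >= parse(FIXED[branch])[1] else "affected"


def audit(omd_versions_output):
    """Map the first token of each non-empty line to its status."""
    tokens = [l.split()[0] for l in omd_versions_output.splitlines() if l.strip()]
    return {t: status(t) for t in tokens}


# Constructed sample input, not output captured from a real host.
SAMPLE = """2.2.0p30.cre
2.3.0p45.cee
2.3.0p46.cee
2.4.0.cre
2.4.0p25.cre (default)
2.5.0b2.cre
2.5.0b3.cre
"""

if __name__ == "__main__":
    for version, verdict in audit(SAMPLE).items():
        print(f"{version:16} {verdict}")
```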