Platform: linux
Component: checkmk
Fixed in: 2.5.4, 2.3.0p46, 2.4.0p25, 2.5.0b3
CVE-2025-39666 is a privilege escalation vulnerability discovered in Checkmk. The flaw allows a site user to escalate their privileges to root by manipulating files that the omd administrative command processes, since omd typically runs as root. The vulnerability affects Checkmk versions 2.2.0 (EOL), 2.3.0 before 2.3.0p46, 2.4.0 before 2.4.0p25, and 2.5.0 (beta) before 2.5.0b3. A fix is available in version 2.5.0b3.
Successful exploitation of CVE-2025-39666 allows an authenticated site user to gain root access on the Checkmk server. This represents a significant security risk, as a malicious actor with root privileges can compromise the entire system, including sensitive data, configuration files, and other critical resources. The attacker could install malware, modify system settings, or exfiltrate data without detection. The blast radius extends to any data or services hosted on the compromised Checkmk server, potentially impacting other systems within the network if Checkmk is used for monitoring those systems.
CVE-2025-39666 was publicly disclosed on 2026-04-07. There is currently no indication of active exploitation or a KEV listing. Public proof-of-concept code is not yet available, but the vulnerability's nature suggests that it could be relatively easy to exploit once a PoC is released. The EPSS score is pending evaluation.
Exploit Status
EPSS: 0.02% (4th percentile)
CISA SSVC
The primary mitigation for CVE-2025-39666 is to upgrade Checkmk to version 2.5.0b3 or later. If an immediate upgrade is not possible, restrict access to the omd command and carefully review any files processed by it. Implement strict file permissions on the site context directory to prevent unauthorized modifications. Consider using a Web Application Firewall (WAF) to filter potentially malicious requests targeting the omd command, although this is not a primary defense. After upgrading, confirm the fix by attempting to execute the omd command as a site user and verifying that privilege escalation is prevented.
Update Checkmk to version 2.5.4 or later to mitigate the vulnerability. The update corrects how files in the site context are processed, preventing privilege escalation. See the release notes for detailed upgrade instructions.
CVE-2025-39666 is a vulnerability in Checkmk allowing a site user to gain root privileges by manipulating files processed by the omd command. It affects versions 2.2.0–2.5.0b3.
You are affected if you are running Checkmk versions 2.2.0 (EOL), 2.3.0 before 2.3.0p46, 2.4.0 before 2.4.0p25, or 2.5.0 (beta) before 2.5.0b3.
Upgrade Checkmk to version 2.5.0b3 or later. As a temporary workaround, restrict access to the omd command and review files processed by it.
There is currently no indication of active exploitation.
Refer to the official Checkmk security advisory for details and updates.