Platform: linux
Component: checkmk
Fixed in: 2.5.4, 2.3.0p46, 2.4.0p25, 2.5.0b3
CVE-2025-39666 is a privilege escalation vulnerability discovered in Checkmk. This flaw allows a site user to escalate their privileges to root by manipulating files processed during the omd administrative command, which is typically run as root. The vulnerability affects Checkmk versions 2.2.0 (EOL), 2.3.0 before 2.3.0p46, 2.4.0 before 2.4.0p25, and 2.5.0 (beta) before 2.5.0b3. A fix is available in version 2.5.0b3.
Successful exploitation of CVE-2025-39666 allows an authenticated site user to gain root access on the Checkmk server. This represents a significant security risk, as a malicious actor with root privileges can compromise the entire system, including sensitive data, configuration files, and other critical resources. The attacker could install malware, modify system settings, or exfiltrate data without detection. The blast radius extends to any data or services hosted on the compromised Checkmk server, potentially impacting other systems within the network if Checkmk is used for monitoring those systems.
CVE-2025-39666 was publicly disclosed on 2026-04-07. There is currently no indication of active exploitation or a KEV listing. Public proof-of-concept code is not yet available, but the vulnerability's nature suggests that it could be relatively easy to exploit once a PoC is released. The EPSS score is pending evaluation.
Organizations using Checkmk for monitoring, particularly those with multiple site users and less restrictive file permissions, are at risk. Environments where the omd command is frequently used or accessible to a wide range of users are especially vulnerable. Legacy Checkmk installations running older, unsupported versions are also at increased risk.
• linux / server:
  find /omd/sites/*/ -type f -perm -u=w -print0 | xargs -0 ls -l | grep 'site_user:'
• linux / server:
  journalctl -u checkmk_agent -g 'omd command' | grep -i error
• linux / server:
  ps aux | grep -i omd
Exploit status
EPSS: 0.02% (4th percentile)
CISA SSVC
The primary mitigation for CVE-2025-39666 is to upgrade Checkmk to version 2.5.0b3 or later. If an immediate upgrade is not possible, restrict access to the omd command and carefully review any files processed by it. Implement strict file permissions on the site context directory to prevent unauthorized modifications. Consider using a Web Application Firewall (WAF) to filter potentially malicious requests targeting the omd command, although this is not a primary defense. After upgrading, confirm the fix by attempting to execute the omd command as a site user and verifying that privilege escalation is prevented.
Upgrade Checkmk to version 2.5.4 or later to mitigate the vulnerability. The update corrects the way files are processed in the site context, preventing privilege escalation. See the release notes for detailed upgrade instructions.
CVE-2025-39666 is a vulnerability in Checkmk allowing a site user to gain root privileges by manipulating files processed by the omd command. It affects versions 2.2.0–2.5.0b3.
You are affected if you are running Checkmk versions 2.2.0 (EOL), 2.3.0 before 2.3.0p46, 2.4.0 before 2.4.0p25, or 2.5.0 (beta) before 2.5.0b3.
Upgrade Checkmk to version 2.5.0b3 or later. As a temporary workaround, restrict access to the omd command and review files processed by it.
There is currently no indication of active exploitation.
Refer to the official Checkmk security advisory for details and updates.
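The affected-version ranges stated above can be turned into an inventory check. The following is an added example, not code from this page or from the Checkmk project. It assumes the release-stage ordering innovation (i) < beta (b) < stable < patch (p) and an optional three-letter edition suffix such as `.cre`; the function names are hypothetical.

```python
import re

# Assumed stage order: innovation (i) < beta (b) < stable (no suffix) < patch (p).
_STAGE = {"i": 0, "b": 1, None: 2, "p": 3}
# Assumed layout: MAJOR.MINOR.SUB, optional stage+number, optional edition suffix.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:([ibp])(\d+))?(?:\.[a-z]{3})?")

# First fixed release per branch, taken from the affected-version text on this page.
FIRST_FIXED = {(2, 3, 0): "2.3.0p46", (2, 4, 0): "2.4.0p25", (2, 5, 0): "2.5.0b3"}
# Branch the page lists as affected and end of life, with no fixed release named.
EOL_AFFECTED = {(2, 2, 0)}


def parse(version):
    """Return (branch, sort_key) for a version string, or None if it does not parse."""
    m = _VERSION.fullmatch(version.strip())
    if m is None:
        return None
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    return branch, (_STAGE[m.group(4)], int(m.group(5) or 0))


def status(version):
    """Classify a version as 'affected', 'fixed' or 'unknown' for CVE-2025-39666."""
    parsed = parse(version)
    if parsed is None:
        return "unknown"  # e.g. daily builds; check these by hand
    branch, key = parsed
    if branch in EOL_AFFECTED:
        return "affected"
    if branch not in FIRST_FIXED:
        return "unknown"  # branch not named on the page; do not guess
    return "affected" if key < parse(FIRST_FIXED[branch])[1] else "fixed"


if __name__ == "__main__":
    # Constructed sample inventory, not taken from any real system.
    for v in ("2.2.0p30", "2.3.0p45", "2.3.0p46.cre", "2.4.0", "2.5.0b2", "2.5.0b3"):
        print(f"{v:14} {status(v)}")
```

Versions reported as unknown, such as branches the page does not name, need a manual check against the vendor advisory.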