PT-2025-22483 · Checkmk · Checkmk
Published
2025-05-22
·
Updated
2025-05-23
·
CVE-2025-32915
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Checkmk versions prior to 2.4.0p1
Checkmk versions prior to 2.3.0p32
Checkmk versions prior to 2.2.0p42
Checkmk versions prior to or equal to 2.1.0p49
Description
The issue arises from incorrect permissions of packages downloaded by Checkmk's automatic agent updates on Linux and Solaris. This allows a local attacker to read sensitive data.
Recommendations
For versions prior to 2.4.0p1, update to version 2.4.0p1 or later.
For versions prior to 2.3.0p32, update to version 2.3.0p32 or later.
For versions prior to 2.2.0p42, update to version 2.2.0p42 or later.
For versions prior to or equal to 2.1.0p49, update to a version later than 2.1.0p49, considering 2.1.0p49 is end-of-life.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk