PT-2025-41388 · Unknown+1 · Checkmk Windows Agent+2
Lisa Gnedt
·
Published
2025-10-09
·
Updated
2025-10-13
·
CVE-2025-32919
CVSS v4.0
8.8
High
| Vector | AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
Checkmk versions 2.1.0
Checkmk versions 2.2.0 through 2.2.0p45
Checkmk versions 2.3.0 through 2.3.0p37
Checkmk versions 2.4.0 through 2.4.0p12
Description
The Windows License plugin for the Checkmk Windows Agent contains a flaw related to the use of an insecure temporary directory, which can lead to privilege escalation.
Recommendations
Update to version 2.2.0p46 or later.
Update to version 2.3.0p38 or later.
Update to version 2.4.0p13 or later.
Exploit
Fix
LPE
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Checkmk
Checkmk Windows Agent
Windows License Plugin