PT-2025-46696 · Datadog · Datadog-Agent+1

Published 2025-11-12 · Updated 2025-11-12 · CVE-2025-61667

CVSS v4.0: 7.0 (High)

Vector: AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Datadog Agent versions 7.65.0 through 7.70.2

Description

The Datadog Agent gathers events and metrics from hosts and transmits them to Datadog. A security issue exists in the Datadog Linux Host Agent due to inadequate permissions configured on the opt/datadog-agent/python-scripts/__pycache__ directory during installation. This directory's contents are executed solely by the Agent during installation or upgrades. An attacker with local access could potentially modify files within this directory, leading to local privilege escalation when the Agent is upgraded. This requires local access to the host and a valid low privilege account. The vulnerability only affects the Linux Host Agent; other Agent variations, including those for containers, Kubernetes, and Windows hosts, are not impacted.

Recommendations

Upgrade to Datadog Agent version 7.71.0 or later.
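
A host-side check for the condition described above, added here as an example and not taken from the advisory or from Datadog's code: it tests a version string against the affected range and lists entries under the cache directory that are group- or world-writable or not owned by the expected account. Assumptions: the advisory's path is read as absolute, the expected owner defaults to root, and the function names and the `PYCACHE_DIR` variable are illustrative.

```shell
#!/bin/sh
# Added example (not Datadog code). The default path is the advisory's directory,
# read as an absolute path (assumption); override with PYCACHE_DIR.
PYCACHE_DIR="${PYCACHE_DIR:-/opt/datadog-agent/python-scripts/__pycache__}"

# version_affected VERSION: exit 0 when 7.65.0 <= VERSION <= 7.70.2.
# Tolerates package-style strings such as 1:7.66.1-1 (epoch and revision dropped).
version_affected() {
    v=${1##*:}
    v=${v%%[-+~]*}
    IFS=. read -r major minor patch _rest <<EOF
$v
EOF
    [ "${major:-0}" -eq 7 ] 2>/dev/null || return 1
    [ "${minor:-0}" -ge 65 ] 2>/dev/null && [ "${minor:-0}" -le 70 ] || return 1
    if [ "${minor:-0}" -eq 70 ] && [ "${patch:-0}" -gt 2 ] 2>/dev/null; then
        return 1
    fi
    return 0
}

# audit_pycache DIR [OWNER]: lists the directory itself and any entry below it
# that is group- or world-writable, or not owned by OWNER (default root, an
# assumption). Exit 0 = clean, 1 = findings printed, 2 = DIR does not exist.
audit_pycache() {
    dir=$1; owner=${2:-root}
    [ -d "$dir" ] || return 2
    findings=$(find "$dir" ! -type l \
        \( -perm -0002 -o -perm -0020 -o ! -user "$owner" \) \
        -exec ls -ld {} + 2>/dev/null)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Runs only when a version string is passed, e.g.: sh audit.sh 7.66.1
if [ "$#" -gt 0 ]; then
    if version_affected "$1"; then
        echo "Agent $1 is in the affected range 7.65.0 through 7.70.2"
    fi
    audit_pycache "$PYCACHE_DIR" || echo "review needed (exit code $?): $PYCACHE_DIR"
fi
```

A clean result on an affected version does not replace the upgrade to 7.71.0 or later; the check only shows whether the directory is currently exposed or already contains unexpected entries.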

Exploit

Fix

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

CVE-2025-61667
GHSA-6852-76C5-6CMG

Affected Products

Datadog-Agent
Datadog Linux Host Agent