PT-2026-30812 · Checkmk Gmbh+2 · Checkmk

Published: 2026-04-07
Updated: 2026-04-19

CVE-2025-39666

CVSS v4.0: 9.3 (Critical)
Vector: AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

Checkmk version 2.2.0
Checkmk versions prior to 2.3.0p46
Checkmk versions prior to 2.4.0p25
Checkmk versions prior to 2.5.0b3

Description

A local privilege escalation allows a site user to gain root privileges by manipulating files within the site context. The escalation occurs when the root user runs the omd administrative command and these files are processed during its execution.

Recommendations

Update Checkmk 2.3.0 to version 2.3.0p46 or later.
Update Checkmk 2.4.0 to version 2.4.0p25 or later.
Update Checkmk 2.5.0 (beta) to version 2.5.0b3 or later.
There is currently no information about a newer version that contains a fix for Checkmk version 2.2.0, as it is EOL.

Fix

LPE

Untrusted Search Path

Weakness Enumeration

Related Identifiers

CVE-2025-39666

Affected Products

Checkmk