CVE-2025-39666

EUVD-2025-209262
Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0b3 allows a site user to escalate their privileges to root, by manipulating files in the site context that are processed when the `omd` administrative command is run by root.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| Checkmk | CNA | 9.3 CRITICAL | Local | Low | High | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |

EPSS Score percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.

| Vendor | Product | Version | Source |
|---|---|---|---|
| checkmk | checkmk | 2.2.0 | CNA |
| checkmk | checkmk | 2.3.0 ≤ x ≤ 2.3.0p45 | CNA |
| checkmk | checkmk | 2.4.0 ≤ x ≤ 2.4.0p24 | CNA |