CVE-2025-32919

Опубликовано: 09 окт. 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 (EOL).

Ссылки

https://checkmk.com/werk/18207
Vendor Advisory
https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250724-01_Checkmk_Agent_Privilege_Escalation_via_Insecure_Temporary_Files
Exploit
Third Party Advisory
http://seclists.org/fulldisclosure/2025/Oct/6
Exploit
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*

Версия от 2.1.0 (включая) до 2.2.0 (исключая)

cpe:2.3:a:checkmk:checkmk:2.2.0:-:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p10:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p11:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p12:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p13:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p14:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p16:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p17:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p18:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p19:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p21:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p22:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p23:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p24:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p25:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p26:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p27:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p28:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p29:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p30:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p31:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p32:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p33:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p34:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p35:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p36:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p37:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p38:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p39:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p40:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p41:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p42:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p43:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p44:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p45:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.2.0:p9:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:-:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p10:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p11:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p12:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p13:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p14:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p15:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p16:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p17:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p18:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p19:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p20:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p21:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p22:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p23:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p24:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p25:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p26:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p27:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p28:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p29:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p30:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p31:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p32:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p33:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p34:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p35:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p36:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p37:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.3.0:p9:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:-:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p1:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p10:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p11:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p12:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p2:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p3:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p4:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p5:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p6:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p7:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p8:*:*:*:*:*:*

cpe:2.3:a:checkmk:checkmk:2.4.0:p9:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00028

Низкий

7.8 High

CVSS3

Дефекты

CWE-427

Связанные уязвимости

CVE-2025-32919

CVSS3: 7.8

ubuntu

4 месяца назад

GHSA-qrq7-92h2-m9mx

CVSS3: 7.8

github

4 месяца назад

EPSS

Процентиль: 7%

0.00028

Низкий

7.8 High

CVSS3

Дефекты

CWE-427