EXECUTIVE SUMMARY:
CVE-2025-39666, with a CVSS score of 9.3, is a critical-severity vulnerability in the Checkmk monitoring platform that could allow local users to seize full control of the host system. The flaw is a local privilege escalation that occurs when administrative commands are executed with root privileges. It is specific to the omd (Open Monitoring Distribution) command, a core utility used to manage Checkmk sites. A user who already has access to modify the site context can place a malicious payload which, when executed by a system administrator or an automated process as the root user, allows the site user to become root. The escalation can be triggered automatically by standard system operations such as post-update triggers, and occurs when a user with site modification capabilities executes the omd command, gaining full control over the host system. Organizations using Checkmk are encouraged to verify the status of their installations immediately, as the vulnerability impacts any site where a user has the ability to modify the site context. If exploited, it poses significant business impact and consequences, including unauthorized access and potential data breaches.
RECOMMENDATION:
We recommend you update Checkmk to version 4.0.0p10 or later.
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/checkmk-cve-2025-39666-omd-privilege-escalation/