Description
Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0b3 allows a site user to escalate their privileges to root, by manipulating files in the site context that are processed when the `omd` administrative command is run by root.
Published: 2026-04-07
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Local privilege escalation
Action: Apply Patch
AI Analysis

Impact

A flaw in the omd administrative command allows a site user to manipulate files in the site context that are processed when the command runs as root, enabling the user to gain root privileges. The vulnerability is caused by inadequate validation of external input and the use of privileged operations, corresponding to weaknesses CWE‑426 and CWE‑829. The attacker can elevate privileges locally without needing network access, leading to full system compromise if the vulnerability is exploited.

Affected Systems

The affected product is Checkmk from Checkmk GmbH. Versions impacted include Checkmk 2.2.0, all releases of 2.3.0 before patch 2.3.0p46, all releases of 2.4.0 before patch 2.4.0p25, and the beta releases of 2.5.0 before 2.5.0b3. Users of the EOL 2.2.0 or earlier releases are also at risk until they upgrade.

Risk and Exploitability

The CVSS score of 9.3 marks this as a critical vulnerability. Exploitation requires a site user with write access to the site context, which is usually available to authenticated users. The attack does not rely on network reachability, so it is a local privilege escalation scenario. EPSS data is unavailable and the vulnerability is not listed in CISA’s KEV catalog, but the high severity and local nature suggest that organizations should treat it as an imminent risk.

Generated by OpenCVE AI on April 7, 2026 at 19:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Checkmk to a non‑affected released version (at least 2.3.0p46, 2.4.0p25, or 2.5.0b3) or to a newer stable release.
  • Restrict file write permissions on the Checkmk site context directories to limit manipulation of files processed by omd commands.
  • Monitor file changes in the Checkmk site directories for suspicious activity.
  • Check vendor advisories for any additional patches or workarounds.

Generated by OpenCVE AI on April 7, 2026 at 19:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://checkmk.com/werk/18891 cve-icon cve-icon
History

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Description Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0b3 allows a site user to escalate their privileges to root, by manipulating files in the site context that are processed when the `omd` administrative command is run by root.
Title omd: Local privilege escalation when executing omd commands as root
First Time appeared Checkmk
Checkmk checkmk
Weaknesses CWE-426
CWE-829
CPEs cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:*
cpe:2.3:a:checkmk:checkmk:2.2.0:*:*:*:*:*:*:*
Vendors & Products Checkmk
Checkmk checkmk
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Checkmk Checkmk
cve-icon MITRE

Status: PUBLISHED

Assigner: Checkmk

Published:

Updated: 2026-04-07T13:18:19.609Z

Reserved: 2025-04-16T07:07:38.257Z

Link: CVE-2025-39666

cve-icon Vulnrichment

Updated: 2026-04-07T13:18:16.178Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-07T13:16:44.847

Modified: 2026-04-07T13:20:11.643

Link: CVE-2025-39666

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:49:45Z

Weaknesses