Privilege Escalation in Checkmk Windows Agent due to Insecure Temporary Directory
CVE-2025-32919

8.8HIGH

Key Information:

Vendor: Checkmk Gmbh
Status: Checkmk
Vendor: CVE Published:; 9 October 2025

🔔 Create Checkmk Gmbh Vulnerability Alert

What is CVE-2025-32919?

The Checkmk Windows Agent features a vulnerability that exposes systems to privilege escalation due to the use of an insecure temporary directory. This flaw can allow unauthorized users to gain elevated privileges, potentially compromising the security of the affected systems. It is crucial for Checkmk users to be aware of this vulnerability and take action to protect their environments. Upgrading to the latest versions can help mitigate these risks.

Affected Version(s)

Checkmk 2.4.0 < 2.4.0p13

Checkmk 2.3.0 < 2.3.0p38

Checkmk 2.2.0 < 2.2.0p46

References

https://checkmk.com/werk/18207

vendor-advisory

https://github.com/sbaresearch/advisories/tree/public/202...

third-party-advisory

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Oct 9, 2025
Vulnerability Reserved
Apr 14, 2025

Credit

Lisa Gnedt (SBA Research)

JSON