Local Privilege Escalation Vulnerability in Checkmk by Tribe29
CVE-2025-39666

9.3CRITICAL

Key Information:

Vendor: Checkmk Gmbh
Status: Checkmk
Vendor: CVE Published:; 7 April 2026

🔔 Create Checkmk Gmbh Vulnerability Alert

What is CVE-2025-39666?

A local privilege escalation vulnerability exists in Checkmk which allows a site user to gain root privileges. This is achieved by leveraging file manipulations in the site context during the execution of the omd administrative command run by root. This issue affects various versions of Checkmk, creating a potential risk for systems utilizing these earlier releases.

Affected Version(s)

Checkmk 2.2.0

Checkmk 2.3.0 < 2.3.0p46

Checkmk 2.4.0 < 2.4.0p25

References

https://checkmk.com/werk/18891

vendor-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Apr 16, 2025

CVE-2025-39666 Data

JSON