CVE-2025-32915 | THREATINT

Description

Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data.

PUBLISHED Reserved 2025-04-14 | Published 2025-05-22 | Updated 2025-05-22 | Assigner Checkmk

MEDIUM: 4.3CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

Problem types

CWE-732: Incorrect Permission Assignment for Critical Resource

Product status

Default status

unaffected

2.4.0 (semver) before 2.4.0p1

affected

2.3.0 (semver) before 2.3.0p32

affected

2.2.0 (semver) before 2.2.0p42

affected

2.1.0 (semver)

affected

References

checkmk.com/werk/17099

cve.org (CVE-2025-32915)

nvd.nist.gov (CVE-2025-32915)

Download JSON