Checkmk monitoring software: privilege escalation vulnerability in Windows version

The Checkmk monitoring software contains a vulnerability that allows attackers to escalate their privileges. An update is available.

(Image: finger taps the update button; heise online / dmk)


Checkmk warns of security vulnerabilities in the network monitoring software of the same name. One affects the Windows version and narrowly misses being categorised as a critical security risk, while another of the vulnerabilities is unlikely to cause admins to lose any sleep.

In the release announcement for Checkmk 2.4.0p13, Checkmk 2.3.0p38, and Checkmk 2.2.0p46, which the developers published on Thursday of this week, the programmers name three security vulnerabilities that are closed by the updates. The most serious is a vulnerability in the Windows versions. According to the vulnerability description, the use of an insecure temporary directory in the Windows license plugin for the Checkmk Windows Agent allows privilege escalation (CVE-2025-32919 / EUVD-2025-33350, CVSS 8.8, risk "high").

In addition, logged-in users can abuse insufficient filtering in the report scheduler to specify storage locations for reports outside the intended root directory (CVE-2025-39664 / EUVD-2025-33348, CVSS 7.1, risk "high"). In HTTP GET requests issued by Checkmk, sensitive data from forms can end up in the URL query string, which is logged in various places such as the browser history or the web server log files (CVE-2025-32916 / EUVD-2025-33351, CVSS 1.0, risk "low").
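The report scheduler issue above is a path containment problem: a user-controlled storage location must never resolve to a place outside the configured report root. The following check is an added illustration written for this article, not Checkmk's own code; the report root path is a constructed, hypothetical value.

```python
import posixpath
from typing import Optional

# Constructed example root; the real Checkmk report directory is not taken from the article.
REPORT_ROOT = "/omd/sites/mysite/var/check_mk/reports"


def resolve_report_path(root: str, requested: str) -> Optional[str]:
    """Return the normalized destination for a report if it lies inside root, else None.

    Works on the path strings alone (no filesystem access), so it can be unit-tested
    offline. On a live system, also canonicalize with os.path.realpath so that
    symlinks under the root cannot point outside it.
    """
    root_norm = posixpath.normpath(root)

    # An absolute path would make posixpath.join discard the root entirely.
    if not requested or posixpath.isabs(requested):
        return None

    # Collapse "." and ".." segments before comparing against the root.
    candidate = posixpath.normpath(posixpath.join(root_norm, requested))

    # Accept the root itself or anything strictly beneath it. The trailing "/"
    # in the prefix test stops a sibling such as ".../reports_evil" from passing.
    if candidate == root_norm or candidate.startswith(root_norm + "/"):
        return candidate
    return None


if __name__ == "__main__":
    for req in ("weekly/cpu.pdf", "weekly/../monthly/x.pdf",
                "../../../../etc/passwd", "/tmp/evil.pdf", "../reports_evil/x.pdf"):
        print(f"{req!r:32} -> {resolve_report_path(REPORT_ROOT, req)}")
```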


Checkmk fixes the security-relevant errors in versions 2.4.0p13, 2.3.0p38, and 2.2.0p46. Checkmk 2.1.0 is also vulnerable but has reached the end of service, so no update will be provided for it. Admins should quickly install the available updates or migrate to versions that are still supported.

Last year, Checkmk had to seal a critical security vulnerability. It allowed attackers to bypass multi-factor authentication.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.