CVE-2025-32917
HIGHDescription
Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate privileges.
Is your site exposed to CVE-2025-32917?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
| checkmk | checkmk |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-32917? +
How severe is CVE-2025-32917? +
What products are affected by CVE-2025-32917? +
How do I check if I'm vulnerable to CVE-2025-32917? +
Related Vulnerabilities
To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH …
A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load …
Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 …
DLL Search Order Hijacking vulnerability potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute …
Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.This issue affects Secure Content Manager: …
PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without …