Werk #17996: Arbitrary file write with vcrtrace

Component Checks & agents
Title Arbitrary file write with vcrtrace
Date Apr 30, 2025
Level Trivial Change
Class Security Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.5.0b1 (Not yet released) Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.4.0p1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0p32 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0p42 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

Prior to this Werk, it was possible to inject arguments into the command line of some checks and special agents. If the option --vcrtrace was injected, the HTTP traffic was dumped into a file given via this parameter. The path was not validated.
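
One way to guard against both problems described above, shown as an added example that is neither Checkmk's code nor the fix shipped with this Werk: reject user-supplied values that would be parsed as options, and confine a trace file path to a single directory. The names build_argv, resolve_trace_path, open_trace_file and the directory TRACE_DIR are assumptions made for illustration.

```python
import os
from pathlib import Path

# Assumption: the only directory in which trace files may be created.
TRACE_DIR = Path("/tmp/example-traces")


def build_argv(program: str, value: str) -> list[str]:
    """Build an argument vector from one user-configurable value.

    A value starting with "-" would be read as an option by the called
    program, so it is rejected. The "--" marker ends option parsing for
    getopt/argparse-style parsers as a second guard. Returning a list
    (never a shell string) keeps the value from being split into several
    arguments.
    """
    if not value or value.startswith("-"):
        raise ValueError(f"refusing empty or option-like value: {value!r}")
    return [program, "--", value]


def resolve_trace_path(raw: str, base: Path = TRACE_DIR) -> Path:
    """Return the resolved trace file path, or raise if it leaves `base`."""
    base = base.resolve()
    # Joining with an absolute `raw` discards `base`; resolve() collapses
    # ".." and follows symlinks, so the containment check sees the real target.
    candidate = (base / raw).resolve()
    if candidate == base or not candidate.is_relative_to(base):
        raise ValueError(f"trace path is not inside {base}: {raw!r}")
    return candidate


def open_trace_file(raw: str, base: Path = TRACE_DIR):
    """Create the trace file exclusively, so existing files are never overwritten."""
    path = resolve_trace_path(raw, base)
    # O_EXCL fails if the name already exists (including as a symlink).
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.fdopen(os.open(path, flags, 0o600), "w")
```
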

This vulnerability was identified in a commissioned penetration test conducted by PS Positive Security GmbH.

Affected Versions:

  • 2.4.0 (beta)
  • 2.3.0
  • 2.2.0
  • 2.1.0 (EOL)

Vulnerability Management:

We have rated the issue with a CVSS Score of 8.7 High (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) and assigned CVE-2025-1712.
