Werk #18207: Fix security vulnerability in win_license.bat plugin
| Field | Value |
|---|---|
| Component | Agent bakery |
| Title | Fix security vulnerability in win_license.bat plugin |
| Date | Aug 21, 2025 |
| Level | Trivial Change |
| Class | Security Fix |
| Compatibility | Compatible - no manual interaction needed |
| Checkmk versions & editions | |
On Windows hosts, the win_license.bat plugin forces English output by copying the slmgr.vbs script to a separate location, so that the default slmgr.vbs script cannot find its language files.
Because the script was copied to a global, unprotected location, any user on the host could edit it, and this could be exploited for malicious purposes.
To eliminate this vulnerability, slmgr.vbs is now copied to the protected location %SystemDrive%\ProgramData\checkmk\agent\tmp and is deleted afterwards.
Note: Only users who use the Windows License plug-in are affected by this issue.
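The weakness described above is a writable script location: whatever directory a plugin copies a script into must not be writable by ordinary users, otherwise the copy can be altered before it is executed. The following PowerShell audit is an added example, not part of the werk or of Checkmk's own code. It inspects the ACL of a directory (defaulting to the protected tmp location named in this werk) and reports any allow entry that gives broad principals write-like rights. The list of "broad" principals is a constructed heuristic and can be extended for your environment.

```powershell
# Added example (not Checkmk's code): report non-administrative write access on a
# directory that a plugin copies scripts into. The default path is the protected
# tmp location named in the werk; the principal list below is a constructed heuristic.
param(
    [string]$Path = "$env:SystemDrive\ProgramData\checkmk\agent\tmp"
)

# Principals that effectively mean "any local user".
$broadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that allow creating, replacing or altering files in the directory.
$writeLike = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl -bor
             [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
             [System.Security.AccessControl.FileSystemRights]::Delete

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Warning "Path does not exist: $Path"
    return
}

$acl = Get-Acl -LiteralPath $Path
$findings = foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $id = $ace.IdentityReference.Value
    if ($broadPrincipals -notcontains $id) { continue }
    if (($ace.FileSystemRights -band $writeLike) -ne 0) {
        [pscustomobject]@{
            Principal = $id
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    Write-Output "Broad write access found on ${Path}:"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No broad write access on $Path"
}
```

Run it as an administrator on a host where the agent is installed; a clean result lists no entries. The same check applied to the old, unprotected copy location would have shown the entry that made the script editable by every user.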
We thank Lisa Gnedt (SBA Research) for reporting this issue.
Affected Versions:
- 2.4.0
- 2.3.0
- 2.2.0
- 2.1.0 (EOL)
Mitigations:
If you cannot update, disable the Windows License plug-in.
Vulnerability Management:
We have rated the issue with a CVSS Score of 8.8 High (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H) and assigned CVE-2025-32919.