Werk #18207: Fix security vulnerability in win_license.bat plugin

Component: Agent bakery
Title: Fix security vulnerability in win_license.bat plugin
Date: Aug 21, 2025
Level: Trivial Change
Class: Security Fix
Compatibility: Compatible - no manual interaction needed
Checkmk versions & editions:

  • 2.4.0p13 Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
  • 2.3.0p38 Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
  • 2.2.0p46 Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

On Windows hosts, the win_license.bat plugin uses special copying logic to force English output (this way, the default slmgr.vbs script cannot find the language files). Because the script was copied to a global, unprotected location, every user had access to edit it. This can be exploited for malicious intent. To eliminate this vulnerability, the slmgr.vbs script is now copied to the protected location in %SystemDrive%\ProgramData\checkmk\agent\tmp and is deleted afterwards.

Note: Only users who use the Windows License plug-in are affected by this issue.
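The fix relies on the target directory not being writable by ordinary users. The following PowerShell check is an added example, not Checkmk's own code: it lists allow ACEs on that directory that grant write-type rights to any principal outside a trusted set. The function name Get-UntrustedWriteAce and the choice of trusted SIDs are assumptions made for this example.

```powershell
# Added example (not part of the Checkmk plugin): report principals other than
# SYSTEM/Administrators that can create, change or delete files in the directory
# the script is copied to.
param(
    [string]$Path = (Join-Path $env:SystemDrive 'ProgramData\checkmk\agent\tmp')
)

# Assumption: only these principals are expected to hold write access.
# SIDs are used instead of names so the check works on any Windows display language.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0'        # CREATOR OWNER (resolves to whoever creates the file)
)

# Rights that allow planting, altering or replacing a file in the directory.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_ALL and GENERIC_WRITE can appear unmapped on inherit-only ACEs.
$genericMask = 0x10000000 -bor 0x40000000

function Get-UntrustedWriteAce {
    param([Parameter(Mandatory)][string]$LiteralPath)

    $acl = Get-Acl -LiteralPath $LiteralPath
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band ($writeMask -bor $genericMask)) -ne 0) {
            [pscustomobject]@{
                Path      = $LiteralPath
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Output "Not present: $Path"
    return
}
$findings = @(Get-UntrustedWriteAce -LiteralPath $Path)
if ($findings.Count -eq 0) {
    Write-Output "OK: no untrusted principal has write access to $Path"
} else {
    $findings | Format-Table -AutoSize
}
```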

We thank Lisa Gnedt (SBA Research) for reporting this issue.

Affected Versions:

  • 2.4.0
  • 2.3.0
  • 2.2.0
  • 2.1.0 (EOL)

Mitigations:

If you cannot update, disable the Windows License plug-in.

Vulnerability Management:

We have rated the issue with a CVSS Score of 8.8 High (CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H) and assigned CVE-2025-32919.
