CVE-2025-61667
中文标题:
(暂无数据)
英文标题:
Datadog Linux Host Agent affected by local privilege escalation due to insufficient pycache permissions
漏洞描述
中文描述:
(暂无数据)
英文描述:
The Datadog Agent collects events and metrics from hosts and sends them to Datadog. A vulnerability within the Datadog Linux Host Agent versions 7.65.0 through 7.70.2 exists due to insufficient permissions being set on the `opt/datadog-agent/python-scripts/__pycache__` directory during installation. Code in this directory is only run by the Agent during Agent install/upgrades. This could allow an attacker with local access to modify files in this directory, which would then subsequently be run when the Agent is upgraded, resulting in local privilege escalation. This issue requires local access to the host and a valid low privilege account to be vulnerable. Note that this vulnerability only impacts the Linux Host Agent. Other variations of the Agent including the container, kubernetes, windows host and other agents are not impacted. Version 7.71.0 contains a patch for the issue.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| DataDog | datadog-agent | >= 7.65.0 , < 7.71.0 | - | - |
cpe:2.3:a:datadog:datadog-agent:>=_7.65.0_,_<_7.71.0:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
4.0 (cna)
HIGHCVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-61667 |
2025-11-15 03:17:48 | 2026-01-12 02:12:11 |
| NVD | nvd_CVE-2025-61667 |
2025-11-15 03:18:45 | 2026-01-12 02:27:56 |
版本与语言
安全公告
变更历史
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']