CVE

CVE-2025-61667

Datadog Linux Host Agent affected by local privilege escalation due to insufficient pycache permissions

The Datadog Agent collects events and metrics from hosts and sends them to Datadog. Datadog Linux Host Agent versions 7.65.0 through 7.70.2 are vulnerable because insufficient permissions are set on the opt/datadog-agent/python-scripts/__pycache__ directory during installation. Code in this directory is only run by the Agent during Agent installs and upgrades. An attacker with local access could modify files in this directory, which would then be run when the Agent is upgraded, resulting in local privilege escalation. Exploitation requires local access to the host and a valid low-privilege account. This vulnerability only impacts the Linux Host Agent; other variations of the Agent, including the container, Kubernetes, Windows host and other agents, are not impacted. Version 7.71.0 contains a patch for the issue.
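For hosts that cannot be upgraded to 7.71.0 immediately, the following added example (not Datadog's or Endor's code) audits the directory named above for entries that a low-privilege local account could alter. It assumes the advisory's path is relative to the filesystem root and that only root (uid 0) is a trusted owner; adjust `trusted_uids` if your install legitimately uses another owner.

```python
import os
import stat
import sys

# Advisory path made absolute (assumption: default install prefix).
DEFAULT_DIR = "/opt/datadog-agent/python-scripts/__pycache__"


def audit_tree(root, trusted_uids=(0,)):
    """Return (path, reason) findings for entries an untrusted local user could alter."""
    findings = []
    if not os.path.lexists(root):
        return findings
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, name) for name in dirnames + filenames)
    for path in paths:
        st = os.lstat(path)  # lstat: inspect the entry itself, never its target
        if stat.S_ISLNK(st.st_mode):
            # A symlink's own mode bits say nothing about who controls the target.
            findings.append((path, "symlink (unexpected in a bytecode cache)"))
            continue
        if st.st_uid not in trusted_uids:
            findings.append((path, "owner uid %d not trusted" % st.st_uid))
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
        elif st.st_mode & stat.S_IWGRP:
            findings.append((path, "group-writable (gid %d)" % st.st_gid))
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_DIR
    results = audit_tree(target)
    for path, reason in results:
        print("%s: %s" % (path, reason))
    sys.exit(1 if results else 0)  # non-zero exit lets a fleet check flag the host
```

A clean result does not replace the upgrade; it only shows that the directory's current ownership and mode bits do not grant write access to other accounts.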

CVSS Version

Base Score: 7
CVSS Version: 4.0
Score Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61667.json
https://github.com/DataDog/datadog-agent/security/advisories/GHSA-6852-76c5-6cmg
https://nvd.nist.gov/vuln/detail/CVE-2025-61667

Basic Information

Ecosystem:
Base CVSS: 0
EPSS Probability: 0.00016%
EPSS Percentile: 0.02749%
Introduced Version: 6ce6e864fb1d16d5d492a8446b504449080a863e
Fix Available: d3d73218dbd3706d3e51d2f0ff9fa5e9f01638d7
