CVE-2025-61667
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-12

Assigner: GitHub, Inc.

Description
The Datadog Agent collects events and metrics from hosts and sends them to Datadog. A vulnerability within the Datadog Linux Host Agent versions 7.65.0 through 7.70.2 exists due to insufficient permissions being set on the `opt/datadog-agent/python-scripts/__pycache__` directory during installation. Code in this directory is only run by the Agent during Agent install/upgrades. This could allow an attacker with local access to modify files in this directory, which would then subsequently be run when the Agent is upgraded, resulting in local privilege escalation. This issue requires local access to the host and a valid low privilege account to be vulnerable. Note that this vulnerability only impacts the Linux Host Agent. Other variations of the Agent including the container, kubernetes, windows host and other agents are not impacted. Version 7.71.0 contains a patch for the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2025-11-12
Generated
2026-05-07
AI Q&A
2025-11-13
EPSS Evaluated
2026-05-05
NVD
CVE-2025-61667
EUVD
EUVD-2025-150403
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
datadog datadog_agent 7.70.2
datadog datadog_agent 7.71.0
datadog datadog_agent 7.65.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Datadog Linux Host Agent versions 7.65.0 through 7.70.2 due to insufficient permissions on the `opt/datadog-agent/python-scripts/__pycache__` directory during installation. An attacker with local access and a low privilege account can modify files in this directory. These modified files are executed during Agent upgrades, allowing the attacker to escalate their privileges locally.


How can this vulnerability impact me? :

If exploited, this vulnerability can allow an attacker with local access and a low privilege account to escalate their privileges on the affected Linux host. This means the attacker could gain higher-level access than intended, potentially compromising the system's security and control.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by checking the version of the Datadog Linux Host Agent installed on your system. The vulnerable versions are from 7.65.0 through 7.70.2. Additionally, you can inspect the permissions of the directory `opt/datadog-agent/python-scripts/__pycache__` to see if they are insufficiently restrictive, which could allow local modification. For example, you can run the following commands on the Linux host: 1) Check the agent version: `datadog-agent version` 2) Check directory permissions: `ls -ld /opt/datadog-agent/python-scripts/__pycache__` If the version is within the vulnerable range and the directory permissions are too permissive, your system is likely vulnerable.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade the Datadog Linux Host Agent to version 7.71.0 or later, as this version contains the patch that fixes the insufficient permissions issue on the `opt/datadog-agent/python-scripts/__pycache__` directory. Additionally, ensure that only trusted users have local access to the host, as the vulnerability requires local access with a valid low privilege account.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart