CVE-2025-30164

Medium CVSS: 4.1

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user (or one that is able to authenticate), allows to manipulate the backend to redirect the user to any location. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. No known workarounds are available.

Vendor

Icinga

Product

Icinga Web 2

CWE

CWE-601

Yayın Tarihi

2025-03-26 17:15:26

Güncelleme

2025-08-01 15:02:24

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-601 Icinga Web 2 MEDIUM Icinga 2025

Referanslar

https://github.com/Icinga/icingaweb2/releases/tag/v2.11.5 https://github.com/Icinga/icingaweb2/releases/tag/v2.12.3 https://github.com/Icinga/icingaweb2/security/advisories/GHSA-8r73-6686-wv8q

Benzer Kayıtlar

Medium

CVE-2026-24413

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.…

Medium

CVE-2026-24414

The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of W…

Medium

CVE-2025-61909

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script…

High

CVE-2025-61907

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to th…

High

CVE-2025-61908

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invali…

Medium

CVE-2025-61789

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with acce…