CVE-2025-61907

High CVSS: 7.1

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information that should be hidden from them, including global variables not permitted by the variables permission and objects not permitted by the corresponding objects/query permissions. The vulnerability is fixed in versions 2.15.1, 2.14.7, and 2.13.13.

Vendor

Icinga

Product

Icinga

CWE

CWE-200

Yayın Tarihi

2025-10-16 18:15:37

Güncelleme

2025-11-26 15:04:24

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Icinga HIGH Icinga 2025

Referanslar

https://github.com/Icinga/icinga2/commit/56255ac7a689b9e198742d2fca6f7459a54c85a3 https://github.com/Icinga/icinga2/security/advisories/GHSA-gg32-w9rm-vp2v

Benzer Kayıtlar

Medium

CVE-2026-24413

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.…

Medium

CVE-2026-24414

The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of W…

Medium

CVE-2025-61909

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script…

High

CVE-2025-61908

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invali…

Medium

CVE-2025-61789

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with acce…

Low

CVE-2025-53840

Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2…