PT-2025-12975 · Unknown+2 · Icinga Web 2+2

Moezbouzayani9

Published

2025-03-26

Updated

2025-08-21

CVE-2025-30164

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Icinga Web 2 versions prior to 2.11.5 Icinga Web 2 versions prior to 2.12.3

Description A vulnerability in Icinga Web 2 allows an attacker to craft a URL that, once visited by an authenticated user, manipulates the backend to redirect the user to any location. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2.

Recommendations For versions prior to 2.11.5, update to version 2.11.5 or later. For versions prior to 2.12.3, update to version 2.12.3 or later.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

ALT-PU-2025-10627

CVE-2025-30164

GHSA-8R73-6686-WV8Q

OPENSUSE-SU-2025:14931-1

Affected Products

Alt Linux

Debian

Icinga Web 2

PT-2025-12975 · Unknown+2 · Icinga Web 2+2

CVE-2025-30164

Weakness Enumeration

Related Identifiers

Affected Products

References · 20