PT-2025-22986 · Icinga 2+4

Yhabteab · Published 2025-05-27 · Updated 2025-12-05

CVE-2025-48057 · CVSS v3.1 9.8 Critical · AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Icinga 2 versions prior to 2.12.12
Icinga 2 versions prior to 2.13.12
Icinga 2 versions prior to 2.14.6

Description
The issue affects Icinga 2, a monitoring system that checks the availability of network resources and generates performance data. It allows an attacker to obtain a valid certificate by tricking the VerifyCertificate() function into treating malicious certificates as valid. This occurs when Icinga 2 is built against an OpenSSL release older than 1.1.0, as on RHEL 7 or Amazon Linux 2. The attacker can then use that certificate to impersonate trusted nodes.

Recommendations
For versions prior to 2.12.12, update to version 2.12.12 or later. For versions prior to 2.13.12, update to version 2.13.12 or later. For versions prior to 2.14.6, update to version 2.14.6 or later. As a temporary workaround, check which OpenSSL release Icinga 2 was built against (icinga2 --version | grep OpenSSL) and update Icinga 2 if affected.
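The recommended check combines two facts from one host: the OpenSSL release Icinga 2 was built against and the Icinga 2 branch and patch level. The script below is an added example (not part of the advisory and not Icinga project code) that parses `icinga2 --version` output and classifies the host against the advisory's version ranges. The two sample outputs are constructed, and the line formats "(version: rX.Y.Z-N)" and "OpenSSL version: OpenSSL X.Y.Z ..." are assumed; branches the advisory does not list (newer than 2.14) are reported as "unlisted" rather than guessed at.

```shell
#!/bin/sh
# Added example: classify an Icinga 2 host against the CVE-2025-48057 ranges
# from the output of `icinga2 --version`. Sample outputs below are constructed.

# Compare two dotted numeric versions (up to four components). Prints lt, eq or gt.
vercmp() {
  i=1
  while [ "$i" -le 4 ]; do
    x=$(printf '%s\n' "$1" | cut -d. -f"$i")
    y=$(printf '%s\n' "$2" | cut -d. -f"$i")
    x=${x:-0}; y=${y:-0}
    if [ "$x" -lt "$y" ]; then echo lt; return 0; fi
    if [ "$x" -gt "$y" ]; then echo gt; return 0; fi
    i=$((i + 1))
  done
  echo eq
}

# Icinga 2 version from the banner line, e.g. "(version: r2.14.2-1)" -> "2.14.2".
# The banner format is an assumption of this example.
icinga_version() {
  printf '%s\n' "$1" | sed -n 's/.*(version: r\{0,1\}\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# OpenSSL release Icinga 2 was built against, e.g. "OpenSSL 1.0.2k-fips" -> "1.0.2".
openssl_version() {
  printf '%s\n' "$1" | sed -n 's/.*OpenSSL \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# First release on the host's branch that carries the fix, per the advisory.
# Anything older than 2.12 falls under "prior to 2.12.12"; branches newer than
# 2.14 are not listed in the advisory and are reported as "unlisted".
fixed_version_for() {
  branch=$(printf '%s\n' "$1" | cut -d. -f1,2)
  case "$branch" in
    2.14) echo 2.14.6 ;;
    2.13) echo 2.13.12 ;;
    2.12) echo 2.12.12 ;;
    *)
      if [ "$(vercmp "$1" 2.12.12)" = lt ]; then echo 2.12.12; else echo unlisted; fi ;;
  esac
}

# Verdict for one host: affected, patched, openssl-ok, unlisted or unknown.
cve_2025_48057_status() {
  iv=$(icinga_version "$1")
  ov=$(openssl_version "$1")
  if [ -z "$iv" ] || [ -z "$ov" ]; then echo unknown; return 0; fi
  # The flaw is only reachable in builds against OpenSSL older than 1.1.0.
  if [ "$(vercmp "$ov" 1.1.0)" != lt ]; then echo openssl-ok; return 0; fi
  fixed=$(fixed_version_for "$iv")
  if [ "$fixed" = unlisted ]; then echo unlisted; return 0; fi
  if [ "$(vercmp "$iv" "$fixed")" = lt ]; then echo affected; else echo patched; fi
}

# Constructed sample: a 2.14-branch build against an RHEL 7-era OpenSSL.
SAMPLE_OLD='icinga2 - The Icinga 2 network monitoring daemon (version: r2.14.2-1)

Build information:
  Compiler: GNU 4.8.5
  OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017'

# Constructed sample: the fixed 2.14 release built against a modern OpenSSL.
SAMPLE_NEW='icinga2 - The Icinga 2 network monitoring daemon (version: r2.14.6-1)

Build information:
  Compiler: GNU 11.4.0
  OpenSSL version: OpenSSL 3.0.2 15 Mar 2022'

printf 'old build: %s\n' "$(cve_2025_48057_status "$SAMPLE_OLD")"
printf 'new build: %s\n' "$(cve_2025_48057_status "$SAMPLE_NEW")"
```

On a live host, feed the real banner instead of a sample: cve_2025_48057_status "$(icinga2 --version)". The "openssl-ok" verdict only says the bug is unreachable on that build; the affected Icinga 2 releases should still be updated so the host stays safe if it is later rebuilt or relinked against an older library.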

Related Identifiers

ALT-PU-2025-14018
CVE-2025-48057
GHSA-7VCF-F5V9-3WR6
OPENSUSE-SU-2025:15180-1
SUSE-SU-2025:02783-1
SUSE-SU-2025_02783-1

Affected Products

Alt Linux
Debian
Icinga 2
Openssl
Suse