PT-2025-42499 · Unknown+1 · Icinga Db Web+1
Published
2025-10-16
·
Updated
2025-12-11
·
CVE-2025-61789
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Icinga DB Web versions prior to 1.1.4
Icinga DB Web versions prior to 1.2.3
Description
Icinga DB Web offers a graphical interface for Icinga monitoring. An authorized user with access to Icinga DB Web can utilize a custom variable within a filter—even if that variable is protected or hidden—to deduce its assigned values. Versions 1.1.4 and 1.2.3 prevent this by returning an error when such a custom variable is used.
Recommendations
Update Icinga DB Web to version 1.1.4 or later.
Update Icinga DB Web to version 1.2.3 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Icinga Db Web