PT-2025-42511 · Icinga 2+1

Published: 2025-10-16 · Updated: 2025-11-26 · CVE-2025-61907

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Icinga 2 versions 2.4 through 2.15.0

Description

Icinga 2 is an open source monitoring system. Filter expressions provided to the /v1/objects API endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information that should be hidden from them, including global variables not permitted by the variables permission and objects not permitted by the corresponding objects/query permissions.

Recommendations

Update to Icinga 2 version 2.15.1.
Update to Icinga 2 version 2.14.7.
Update to Icinga 2 version 2.13.13.
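
The affected range and the three recommended releases overlap numerically (2.13.13 and 2.14.7 are lower than 2.15.0 but are fixes), so a plain "less than 2.15.1" comparison misclassifies patched hosts. The following triage helper is an added example, not part of the advisory or of Icinga: it assumes the three recommended versions are per-branch fixes that later patch releases in the same branch keep, and that branches after 2.15 carry the fix. The inventory and its version strings are constructed sample data.

```python
import re

# Per-branch fixed patch level, taken from the advisory's recommendations.
FIXED = {(2, 13): 13, (2, 14): 7, (2, 15): 1}
FIRST_AFFECTED = (2, 4)  # advisory: "2.4 through 2.15.0"


def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'r2.14.6-1' or 'v2.15.0'."""
    m = re.search(r"[rv]?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(text):
    """Classify one version string as 'affected', 'fixed' or 'not-listed'."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return "not-listed"  # older than the advisory's affected range
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "affected"
    if branch > max(FIXED):
        return "fixed"  # assumption: branches after 2.15 include the fix
    return "affected"  # 2.4 .. 2.12: no in-branch fix is listed


def affected_hosts(inventory):
    """Return the sorted host names whose Icinga 2 version needs an update."""
    return sorted(h for h, v in inventory.items() if triage(v) == "affected")


# Constructed sample inventory (host name -> reported version string).
SAMPLE_INVENTORY = {
    "mon-a": "r2.14.6-1",
    "mon-b": "v2.14.7",
    "mon-c": "2.13.13",
    "mon-d": "r2.15.0-1",
    "mon-e": "2.10.5",
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is in the affected range, update required")
```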

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-61907
GHSA-GG32-W9RM-VP2V
OPENSUSE-SU-2025:15644-1

Affected Products

Debian
Icinga 2