Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-61908

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a filter expression to crash the Icinga 2 daemon. A fix is included in the following Icinga 2 versions: 2.15.1, 2.14.7, and 2.13.13.

Published

2025-10-16T18:15:37.990

Last Modified

2025-11-26T14:57:15.493

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	icinga	icinga	< 2.13.13	Yes
Application	icinga	icinga	< 2.14.7	Yes
Application	icinga	icinga	< 2.15.1	Yes

References

https://github.com/Icinga/icinga2/pull/6521 Patch ([email protected])
https://github.com/Icinga/icinga2/security/advisories/GHSA-v9jg-xqhj-f43g Patch, Vendor Advisory ([email protected])
https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4 Release Notes ([email protected])