CVE-2025-48057

CVE-2025-48057

Name

CVE-2025-48057

Description

Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can be used to impersonate trusted nodes. This only occurs when Icinga 2 is built with OpenSSL older than version 1.1.0. This issue has been patched in versions 2.12.12, 2.13.12, and 2.14.6.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/Icinga/icinga2/commit/34c93a2542bbe4e9886d15bc17ec929ead1aa152
MISC	https://github.com/Icinga/icinga2/commit/4023128be42b18a011dda71ddee9ca79955b89cb
MISC	https://github.com/Icinga/icinga2/commit/60f75f4a3d5cbb234eb3694ba7e9076a1a5b8776
MISC	https://github.com/Icinga/icinga2/commit/9ad5683aab9eb392c6737ff46c830a945c9e240f
MISC	https://github.com/Icinga/icinga2/commit/9b2c05d0cc09210bdeade77cf9a73859250fc48d
CONFIRM	https://github.com/Icinga/icinga2/security/advisories/GHSA-7vcf-f5v9-3wr6

Type

URI

MISC

https://github.com/Icinga/icinga2/commit/34c93a2542bbe4e9886d15bc17ec929ead1aa152

MISC

https://github.com/Icinga/icinga2/commit/4023128be42b18a011dda71ddee9ca79955b89cb

MISC

https://github.com/Icinga/icinga2/commit/60f75f4a3d5cbb234eb3694ba7e9076a1a5b8776

MISC

https://github.com/Icinga/icinga2/commit/9ad5683aab9eb392c6737ff46c830a945c9e240f

MISC

https://github.com/Icinga/icinga2/commit/9b2c05d0cc09210bdeade77cf9a73859250fc48d

CONFIRM

https://github.com/Icinga/icinga2/security/advisories/GHSA-7vcf-f5v9-3wr6

Match rules

CPE URI	Source package	Min version	Max version
	icinga2	>= 2.14.0	< 2.14.6
	icinga2	>= 2.13.0	< 2.13.12
	icinga2	>= 0	< 2.12.12
`cpe:2.3:a:icinga:icinga::::::::`	icinga	>= None	< 2.12.12
`cpe:2.3:a:icinga:icinga::::::::`	icinga	>= 2.13.0	< 2.13.12
`cpe:2.3:a:icinga:icinga::::::::`	icinga	>= 2.14.0	< 2.14.6

CPE URI

Source package

Min version

Max version

icinga2

>= 2.14.0

< 2.14.6

icinga2

>= 2.13.0

< 2.13.12

icinga2

>= 0

< 2.12.12

cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*

icinga

>= None

< 2.12.12

cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*

icinga

>= 2.13.0

< 2.13.12

cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*

icinga

>= 2.14.0

< 2.14.6

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
icinga2	edge-community	2.14.5-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	edge-community	2.14.5-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	edge-community	2.14.3-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	edge-community	2.13.1-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	edge-community	2.11.3-r1	None	possibly vulnerable
icinga2	3.22-community	2.14.5-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	3.22-community	2.14.3-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	3.22-community	2.13.1-r0	None	possibly vulnerable
icinga2	3.22-community	2.11.3-r1	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

icinga2

edge-community

2.14.5-r1

Francesco Colista <fcolista@alpinelinux.org>

possibly vulnerable

icinga2

edge-community