CVE-2025-61908

CVE-2025-61908

Name

CVE-2025-61908

Description

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a filter expression to crash the Icinga 2 daemon. A fix is included in the following Icinga 2 versions: 2.15.1, 2.14.7, and 2.13.13.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/Icinga/icinga2/pull/6521
CONFIRM	https://github.com/Icinga/icinga2/security/advisories/GHSA-v9jg-xqhj-f43g
MISC	https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4

Type

URI

MISC

https://github.com/Icinga/icinga2/pull/6521

CONFIRM

https://github.com/Icinga/icinga2/security/advisories/GHSA-v9jg-xqhj-f43g

MISC

https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4

Match rules

CPE URI	Source package	Min version	Max version
	icinga2	>=2.10.0	< 2.13.13
	icinga2	>=2.14.0	< 2.14.7
	icinga2	>=2.15.0	< 2.15.1
`cpe:2.3:a:icinga:icinga::::::::`	icinga	>= 2.10.0	< 2.13.13
`cpe:2.3:a:icinga:icinga::::::::`	icinga	>= 2.14.0	< 2.14.7
`cpe:2.3:a:icinga:icinga::::::::`	icinga	>= 2.15.0	< 2.15.1

CPE URI

Source package

Min version

Max version

icinga2

>=2.10.0

< 2.13.13

icinga2

>=2.14.0

< 2.14.7

icinga2

>=2.15.0

< 2.15.1

cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*

icinga

>= 2.10.0

< 2.13.13

cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*

icinga

>= 2.14.0

< 2.14.7

cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*

icinga

>= 2.15.0

< 2.15.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
icinga2	edge-community	2.15.0-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	edge-community	2.14.5-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	edge-community	2.14.5-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	edge-community	2.14.3-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	edge-community	2.13.1-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	edge-community	2.11.3-r1	None	possibly vulnerable
icinga2	3.22-community	2.14.5-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	3.22-community	2.14.3-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	3.22-community	2.13.1-r0	None	possibly vulnerable
icinga2	3.22-community	2.11.3-r1	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

icinga2

edge-community

2.15.0-r0

Francesco Colista <fcolista@alpinelinux.org>

possibly vulnerable

icinga2

edge-community