CVE-2025-61909

CVE-2025-61909

Name

CVE-2025-61909

Description

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user, but send the signal as the root user. This can allow the Icinga user to send signals to processes it would otherwise not permitted to. A fix is included in the following Icinga 2 versions: 2.15.1, 2.14.7, and 2.13.13.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/Icinga/icinga2/commit/51ec73cbd922a76fc0f60e1d8d33acd7caa5d587
MISC	https://github.com/Icinga/icinga2/issues/10527
CONFIRM	https://github.com/Icinga/icinga2/security/advisories/GHSA-pg6g-g99v-mw46
MISC	https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4

Type

URI

MISC

https://github.com/Icinga/icinga2/commit/51ec73cbd922a76fc0f60e1d8d33acd7caa5d587

MISC

https://github.com/Icinga/icinga2/issues/10527

CONFIRM

https://github.com/Icinga/icinga2/security/advisories/GHSA-pg6g-g99v-mw46

MISC

https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4

Match rules

CPE URI	Source package	Min version	Max version
	icinga2	>=2.10.0	< 2.13.13
	icinga2	>=2.14.0	< 2.14.7
	icinga2	>=2.15.0	< 2.15.1
`cpe:2.3:a:icinga:icinga::::::::`	icinga	>= 2.10.0	< 2.13.13
`cpe:2.3:a:icinga:icinga::::::::`	icinga	>= 2.14.0	< 2.14.7
`cpe:2.3:a:icinga:icinga:2.15.0:::::::*`	icinga	== None	== 2.15.0

CPE URI

Source package

Min version

Max version

icinga2

>=2.10.0

< 2.13.13

icinga2

>=2.14.0

< 2.14.7

icinga2

>=2.15.0

< 2.15.1

cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*

icinga

>= 2.10.0

< 2.13.13

cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*

icinga

>= 2.14.0

< 2.14.7

cpe:2.3:a:icinga:icinga:2.15.0:*:*:*:*:*:*:*

icinga

== None

== 2.15.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
icinga2	edge-community	2.15.0-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	edge-community	2.14.5-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	edge-community	2.14.5-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	edge-community	2.14.3-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	edge-community	2.13.1-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	edge-community	2.11.3-r1	None	possibly vulnerable
icinga2	3.22-community	2.14.5-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	3.22-community	2.14.3-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
icinga2	3.22-community	2.13.1-r0	None	possibly vulnerable
icinga2	3.22-community	2.11.3-r1	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

icinga2

edge-community

2.15.0-r0

Francesco Colista <fcolista@alpinelinux.org>

possibly vulnerable

icinga2

edge-community