Vulnerability in Icinga Icinga2
CVE-2025-48057
Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function c…
EPSS: 0.002 (42.6th percentile)
Affected products
- Icinga Icinga2 — versions >= 2.14.0, < 2.14.6; >= 2.13.0, < 2.13.12; < 2.12.12
Weakness classification (CWE)
Public proof-of-concept exploits
References
- https://github.com/Icinga/icinga2/security/advisories/GHSA-7vcf-f5v9-3wr6 (x_refsource_CONFIRM)
- https://github.com/Icinga/icinga2/commit/34c93a2542bbe4e9886d15bc17ec929ead1aa152 (x_refsource_MISC)
- https://github.com/Icinga/icinga2/commit/4023128be42b18a011dda71ddee9ca79955b89cb (x_refsource_MISC)
- https://github.com/Icinga/icinga2/commit/60f75f4a3d5cbb234eb3694ba7e9076a1a5b8776 (x_refsource_MISC)
- https://github.com/Icinga/icinga2/commit/9ad5683aab9eb392c6737ff46c830a945c9e240f (x_refsource_MISC)
- https://github.com/Icinga/icinga2/commit/9b2c05d0cc09210bdeade77cf9a73859250fc48d (x_refsource_MISC)
Frequently asked questions
- What is CVE-2025-48057?
  - CVE-2025-48057 is a vulnerability in Icinga Icinga2, classified under Improper Following of a Certificate's Chain of Trust. Published 2025-05-27.
- Is CVE-2025-48057 known to be exploited?
  - 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.