Information disclosure in Icinga Icinga_db_web

CVE-2025-53840

Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views, are allowed to see hosts and services that they weren't meant to on the…

Vulnerability class: Information Disclosure

EPSS: 0.003 (17.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.4 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-53840?
CVE-2025-53840 is a low-severity vulnerability in Icinga Icinga_db_web, classified under Information Disclosure. CVSS score: 2.4/10. Published 2025-07-16.
How severe is CVE-2025-53840?
Low severity. CVSS v3 base score is 2.4 out of 10.