Information disclosure in Icinga Icinga_db_web
CVE-2025-53840
Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views are allowed to see hosts and services that they weren't meant to on the…
Vulnerability class: Information Disclosure
EPSS: 0.003 (17.3th percentile)
CVSS v3 metric
CVSS v3 base score 2.4 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N.
Affected products
- Icinga Icinga_db_web
- Icinga Icingadb-web — versions >= 1.2.0, < 1.2.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- security-advisories@github.com (x_refsource_MISC, Release Notes)
Frequently asked questions
- What is CVE-2025-53840?
  CVE-2025-53840 is a low-severity vulnerability in Icinga Icinga_db_web, classified under Information Disclosure. CVSS score: 2.4/10. Published 2025-07-16.
- How severe is CVE-2025-53840?
  Low severity. CVSS v3 base score is 2.4 out of 10.