Information disclosure in Icinga Icinga2

CVE-2025-61907

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. Th…

Vulnerability class: Information Disclosure

EPSS: 0.000 (13.7th percentile) — read the EPSS interpretation.

Affected products

Icinga Icinga2 — versions >= 2.15.0, < 2.15.1, >= 2.14.0, < 2.14.7, >= 2.4.0, < 2.13.13

Weakness classification (CWE)

References

https://github.com/Icinga/icinga2/security/advisories/GHSA-gg32-w9rm-vp2v (x_refsource_CONFIRM)
https://github.com/Icinga/icinga2/commit/56255ac7a689b9e198742d2fca6f7459a54c85a3 (x_refsource_MISC)