NULL pointer dereference in Icinga Icinga2

CVE-2025-61908

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API us…

EPSS: 0.001 (21.0th percentile) — read the EPSS interpretation.

Affected products

Icinga Icinga2 — versions >=2.10.0, < 2.13.13, >=2.14.0, < 2.14.7, >=2.15.0, < 2.15.1

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

References

https://github.com/Icinga/icinga2/security/advisories/GHSA-v9jg-xqhj-f43g (x_refsource_CONFIRM)
https://github.com/Icinga/icinga2/pull/6521 (x_refsource_MISC)
https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4 (x_refsource_MISC)