Vulnerability Details CVE-2025-61789
Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values assigned to it. Versions 1.1.4 and 1.2.3 respond with an error if such a custom variable is used.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.6%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2025-61789
-
cpe:2.3:a:icinga:icinga_db_web:1.0.0
-
cpe:2.3:a:icinga:icinga_db_web:1.0.1
-
cpe:2.3:a:icinga:icinga_db_web:1.0.2
-
cpe:2.3:a:icinga:icinga_db_web:1.1.0
-
cpe:2.3:a:icinga:icinga_db_web:1.1.1
-
cpe:2.3:a:icinga:icinga_db_web:1.1.2
-
cpe:2.3:a:icinga:icinga_db_web:1.1.3
-
cpe:2.3:a:icinga:icinga_db_web:1.2.0
-
cpe:2.3:a:icinga:icinga_db_web:1.2.1
-
cpe:2.3:a:icinga:icinga_db_web:1.2.2