Description

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values assigned to it. Versions 1.1.4 and 1.2.3 respond with an error if such a custom variable is used.

INFO

Published Date :

2025-10-16T17:00:32.247Z

Last Modified :

2025-10-16T18:03:11.988Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-61789 vulnerability.

Vendors Products
Icinga
  • Icinga
  • Icinga Db Web
  • Icinga Web 2
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-61789.

URL Resource
https://github.com/Icinga/icingadb-web/commit/5e982dad40ec379075307ab1693580138e675b18 cve-icon cve-icon
https://github.com/Icinga/icingadb-web/security/advisories/GHSA-w57j-28jc-8429 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact