CVE-2025-61908
BaseFortify
Publication date: 2025-10-16
Last updated on: 2025-11-26
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| icinga | icinga | From 2.10.0 (inc) to 2.13.13 (exc) |
| icinga | icinga | From 2.14.0 (inc) to 2.14.7 (exc) |
| icinga | icinga | From 2.15.0 (inc) to 2.15.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Icinga 2 occurs when an invalid reference, such as a reference to null, is created. Dereferencing this invalid reference causes a segmentation fault, which can crash the Icinga 2 daemon. Any API user with access to an API endpoint that allows specifying a filter expression can exploit this to cause the crash.
How can this vulnerability impact me?
The vulnerability can be exploited to crash the Icinga 2 daemon, leading to a denial of service. This could disrupt monitoring services and impact system availability.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Icinga 2 to version 2.15.1, 2.14.7, or 2.13.13 or later, as these versions include the fix for this vulnerability.
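An added example (not from this page's publisher or the Icinga project): a check of installed Icinga 2 version strings against the affected ranges in the table above, returning the fixed release each host should move to. The host names, version strings and banner format in the sample inventory are constructed assumptions.

```python
import re

# Affected ranges from the table on this page: (first affected, first fixed).
AFFECTED = [
    ((2, 10, 0), (2, 13, 13)),
    ((2, 14, 0), (2, 14, 7)),
    ((2, 15, 0), (2, 15, 1)),
]

# Matches x.y.z with an optional "r"/"v" prefix; ignores package suffixes like "-1".
_VERSION = re.compile(r"(?<![\d.])[rv]?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from a version string or banner line."""
    match = _VERSION.search(text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def fixed_release(text):
    """Return the fixed version to upgrade to, or None if outside the listed ranges."""
    version = parse_version(text)
    for first_affected, first_fixed in AFFECTED:
        if first_affected <= version < first_fixed:  # inclusive start, exclusive end
            return ".".join(map(str, first_fixed))
    return None


def audit(inventory):
    """Map each affected host to the fixed release it needs."""
    findings = {}
    for host, reported in inventory.items():
        target = fixed_release(reported)
        if target is not None:
            findings[host] = target
    return findings


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "mon-master-01": "icinga2 - The Icinga 2 network monitoring daemon (version: r2.14.6-1)",
    "mon-sat-02": "2.13.13-1",
    "mon-sat-03": "v2.15.0",
    "mon-legacy-04": "2.11.3",
}

if __name__ == "__main__":
    for host, target in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: affected by CVE-2025-61908, upgrade to {target} or later")
```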