CVE-2025-61909
BaseFortify
Publication date: 2025-10-16
Last updated on: 2025-10-29
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| icinga | icinga | From 2.10.0 (inc) to 2.13.13 (exc) |
| icinga | icinga | From 2.14.0 (inc) to 2.14.7 (exc) |
| icinga | icinga | 2.15.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
AI Powered Q&A
Can you explain this vulnerability to me?
Icinga 2's safe-reload script and its logrotate configuration read the PID of the main Icinga 2 process from a PID file that the unprivileged daemon user can write. The reload signal is then sent as root, so whatever PID is in that file gets signalled with root's privileges. An attacker who controls the Icinga user (for example through a compromised plugin or a bug in the daemon) can replace the PID with that of a process it could not otherwise signal and have root deliver the signal for it. The root-run step is doing work at a higher privilege level than it needs, which is why the weakness is classed as CWE-250.
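The pattern behind the explanation above, as an added example that is not Icinga 2's own safe-reload script or logrotate configuration: a root-run reload step that trusts a PID file the daemon user can write, beside a variant that checks, before sending anything, that the PID names a live process owned by the expected user and running the expected command. The PID file paths, the user and command names, and the use of SIGHUP as the reload signal are assumptions for illustration; the check relies on Linux /proc.

```shell
#!/bin/sh
# Added example, not code from Icinga 2. Linux-only: reads /proc/<pid>/status
# and /proc/<pid>/comm. Signal, paths and names are illustrative assumptions.

# Vulnerable pattern (illustrative): whatever number sits in the file is
# signalled with the caller's (root's) privileges. If the daemon user can
# write the file, it chooses the target.
reload_unsafe() {
    pidfile=$1
    kill -HUP "$(cat "$pidfile")"
}

# Validate the PID named in the file before anything is signalled:
#  - the file exists and holds a bare positive integer greater than 1
#  - the process is alive
#  - its real UID matches the expected daemon user
#  - its command name (comm) matches the expected daemon binary
# Prints the validated PID and returns 0 on success; non-zero otherwise,
# with a distinct code per failed check so callers can log the reason.
check_pid_target() {
    pidfile=$1 expected_user=$2 expected_comm=$3
    [ -r "$pidfile" ] || return 1
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) return 2 ;;          # not a bare non-negative integer
    esac
    [ "$pid" -gt 1 ] || return 2          # never target init / PID 1
    [ -d "/proc/$pid" ] || return 3       # process is gone (or /proc absent)
    expected_uid=$(id -u "$expected_user") || return 4
    actual_uid=$(awk '/^Uid:/ {print $2}' "/proc/$pid/status")
    [ "$actual_uid" = "$expected_uid" ] || return 5
    actual_comm=$(cat "/proc/$pid/comm")
    [ "$actual_comm" = "$expected_comm" ] || return 6
    printf '%s\n' "$pid"
}

# Hardened reload: only signal a PID that passed every check above.
reload_checked() {
    pid=$(check_pid_target "$1" "$2" "$3") || return $?
    kill -HUP "$pid"
}

# Usage (assumed paths and names):
#   reload_checked /run/icinga2/icinga2.pid icinga icinga2
```

The check narrows the attack considerably but does not close it: between the check and the `kill` the PID can be reused, and a daemon-user-owned process can always be signalled by the daemon user anyway. The more robust fix is structural, which is to keep the PID file root relies on in a location the daemon user cannot write, so the privileged step never consumes attacker-controlled input in the first place.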
How can this vulnerability impact me?
An attacker who has obtained the Icinga user's privileges on an affected host can use the root-run reload step to send signals to processes that user is not normally allowed to control. Depending on the target, that can disrupt or terminate services the Icinga user has no rights over, interfere with other processes' behaviour, or serve as one step in a larger privilege escalation. On its own it does not give the attacker code execution as root, but it lets a low-privileged account reach processes that should be out of its control.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Icinga 2 to 2.15.1, 2.14.7 or 2.13.13 (or later in the respective series), which contain the fix. Every release from 2.10.0 up to those versions is affected, so check the installed version with `icinga2 --version` on each host and prioritise systems where untrusted users or plugins run as the Icinga daemon user.