Vulnerability Description
Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information that should be hidden from them, including global variables not permitted by the variables permission and objects not permitted by the corresponding objects/query permissions. The vulnerability is fixed in versions 2.15.1, 2.14.7, and 2.13.13.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icinga | Icinga | >= 2.4.0, < 2.13.13 |
Related Weaknesses (CWE)
References
- https://github.com/Icinga/icinga2/commit/56255ac7a689b9e198742d2fca6f7459a54c85a (Patch)
- https://github.com/Icinga/icinga2/security/advisories/GHSA-gg32-w9rm-vp2v (Patch, Vendor Advisory)
FAQ
What is CVE-2025-61907?
CVE-2025-61907 is a vulnerability in Icinga 2, an open source monitoring system, with a CVSS score of 6.5 (MEDIUM). In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user.
How severe is CVE-2025-61907?
CVE-2025-61907 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-61907?
Check the references section above for vendor advisories and patch information. Affected products include: Icinga Icinga.