Vulnerability Description
Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a filter expression to crash the Icinga 2 daemon. A fix is included in the following Icinga 2 versions: 2.15.1, 2.14.7, and 2.13.13.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icinga | Icinga | >= 2.10.0, < 2.13.13 |
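
A version triage check for the affected range in the description, added here as an example (it is not code from the advisory or the Icinga project). It assumes each fixed release closes the issue on its own branch (2.13.x, 2.14.x, 2.15.x) and that branches 2.10 through 2.12 have no fixed release; the version strings at the bottom are constructed samples.

```python
import re

# Fixed releases named in the description, keyed by (major, minor) branch.
# Assumption: each fix applies to its own release branch.
FIXED = {(2, 13): (2, 13, 13), (2, 14): (2, 14, 7), (2, 15): (2, 15, 1)}
FIRST_AFFECTED = (2, 10, 0)

# Accepts plain "2.14.6" as well as prefixed/suffixed forms such as "r2.14.6-1".
_VERSION_RE = re.compile(r"(?<![\d.])[rv]?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) for the first x.y.z version found in text."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(text):
    """True if the version falls in the affected range for CVE-2025-61908."""
    version = parse_version(text)
    if version < FIRST_AFFECTED:
        return False  # predates the first affected release
    fixed = FIXED.get(version[:2])
    if fixed is not None:
        return version < fixed  # branch has a fix: compare against it
    # Branch without a listed fix: 2.10-2.12 sit below the oldest fixed
    # release and stay affected; anything above 2.15.x is not affected.
    return version < min(FIXED.values())


if __name__ == "__main__":
    # Constructed sample version strings, not captured from a real host.
    samples = ["2.9.2", "2.12.5", "r2.13.12-1", "2.13.13",
               "version: r2.14.6-1", "v2.14.7", "2.15.0", "2.15.1"]
    for sample in samples:
        state = "AFFECTED" if is_affected(sample) else "not affected"
        print(f"{sample:22} {state}")
```
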
Related Weaknesses (CWE)
References
- https://github.com/Icinga/icinga2/pull/6521 (Patch)
- https://github.com/Icinga/icinga2/security/advisories/GHSA-v9jg-xqhj-f43g (Patch, Vendor Advisory)
- https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga (Release Notes)
FAQ
What is CVE-2025-61908?
CVE-2025-61908 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentatio...
How severe is CVE-2025-61908?
CVE-2025-61908 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-61908?
Check the references section above for vendor advisories and patch information. Affected products include: Icinga Icinga.