Vulnerability Description
Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user, but send the signal as the root user. This can allow the Icinga user to send signals to processes it would otherwise not permitted to. A fix is included in the following Icinga 2 versions: 2.15.1, 2.14.7, and 2.13.13.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icinga | Icinga | >= 2.10.0, < 2.13.13 |
Related Weaknesses (CWE)
References
- https://github.com/Icinga/icinga2/commit/51ec73cbd922a76fc0f60e1d8d33acd7caa5d58Patch
- https://github.com/Icinga/icinga2/issues/10527Issue Tracking
- https://github.com/Icinga/icinga2/security/advisories/GHSA-pg6g-g99v-mw46PatchVendor Advisory
- https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icingaRelease Notes
FAQ
What is CVE-2025-61909?
CVE-2025-61909 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration shipped ...
How severe is CVE-2025-61909?
CVE-2025-61909 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-61909?
Check the references section above for vendor advisories and patch information. Affected products include: Icinga Icinga.