CVE-2025-53840
Last modified
CVE-2025-53840 is a low-severity vulnerability rated 2.4/10 on the CVSS scale. Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views, are allowed to see hosts and services that they weren't meant to on the dependency map. EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views, are allowed to see hosts and services that they weren't meant to on the dependency map. However, the name of an object will not be revealed nor does this grant access to a host's or service's detail view. Please note that this only affects the restrictions `filter/hosts` and `filter/services`. `filter/objects` is not affected by this and restricts objects as it is supposed to. Version 1.2.2 applies these restrictions properly. As a workaround, one may downgrade to version 1.1.3.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Icinga | Icinga Db Web | >= 1.2.0, < 1.2.2 |
References
- https://github.com/Icinga/icingadb-web/security/advisories/GHSA-q2w7-mrx8-5473Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-53840?
How severe is CVE-2025-53840?
How do I fix CVE-2025-53840?
Are you affected by CVE-2025-53840?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST