Access Control Issue in Icinga DB Web by Icinga
CVE-2025-53840

2.4LOW

Key Information:

Vendor: Icinga
Status: Icingadb-web
Vendor: CVE Published:; 16 July 2025

What is CVE-2025-53840?

Icinga DB Web, utilized for Icinga monitoring, has a vulnerability that permits users access to hosts and services they should not see on the dependency map starting from version 1.2.0 up until 1.2.1. This occurs due to inadequate filtering in the Icinga Dependency Views. Although object names remain concealed, unauthorized information exposure can still occur. Users are advised to either upgrade to version 1.2.2, which rectifies the issue, or revert to version 1.1.3 as a temporary solution.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

icingadb-web >= 1.2.0, < 1.2.2

References

https://github.com/Icinga/icingadb-web/security/advisorie...

x_refsource_CONFIRM

https://github.com/Icinga/icingadb-web/releases/tag/v1.2.2

x_refsource_MISC

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 16, 2025
Vulnerability Reserved
Jul 9, 2025

JSON

Icinga