Access Control Issue in Icinga DB Web by Icinga
CVE-2025-53840

2.4LOW

Key Information:

Vendor: Icinga
Status: Icingadb-web
Vendor: CVE Published:; 16 July 2025

What is CVE-2025-53840?

Icinga DB Web, utilized for Icinga monitoring, has a vulnerability that permits users access to hosts and services they should not see on the dependency map starting from version 1.2.0 up until 1.2.1. This occurs due to inadequate filtering in the Icinga Dependency Views. Although object names remain concealed, unauthorized information exposure can still occur. Users are advised to either upgrade to version 1.2.2, which rectifies the issue, or revert to version 1.1.3 as a temporary solution.

Affected Version(s)

icingadb-web >= 1.2.0, < 1.2.2

References

https://github.com/Icinga/icingadb-web/security/advisorie...

x_refsource_CONFIRM

https://github.com/Icinga/icingadb-web/releases/tag/v1.2.2

x_refsource_MISC

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2025
Vulnerability Reserved
Jul 9, 2025