Information Disclosure in Icinga DB Web by Icinga
CVE-2025-61789
5.3MEDIUM
What is CVE-2025-61789?
A vulnerability in Icinga DB Web enables an authorized user to exploit custom variables in filters, which may lead to the unintentional exposure of sensitive values. In versions prior to 1.1.4 and 1.2.3, users could manipulate these variables protected by specific configurations, potentially compromising data integrity. Fixed versions correctly handle such variables, returning errors to prevent unauthorized access.
Affected Version(s)
icingadb-web < 1.1.4 < 1.1.4
icingadb-web >= 1.2.0, < 1.2.3 < 1.2.0, 1.2.3