Segmentation Fault Vulnerability in Icinga 2 Monitoring System
CVE-2025-61908

7.1HIGH

Key Information:

Vendor: Icinga
Status: Icinga2
Vendor: CVE Published:; 16 October 2025

🔔 Create Icinga Vulnerability Alert

What is CVE-2025-61908?

Icinga 2, an open-source monitoring system, is susceptible to a segmentation fault due to invalid reference handling. Specifically, when users with API access create a filter expression that references a null pointer, it leads to a crash of the Icinga 2 daemon. This issue affects Icinga 2 versions from 2.10.0 to just before 2.15.1, including versions 2.14.7 and 2.13.13. To mitigate this vulnerability, updates have been released in Icinga 2 versions 2.15.1, 2.14.7, and 2.13.13.

Affected Version(s)

icinga2 >=2.10.0, < 2.13.13 < 2.10.0, 2.13.13

icinga2 >=2.14.0, < 2.14.7 < 2.14.0, 2.14.7

icinga2 >=2.15.0, < 2.15.1 < 2.15.0, 2.15.1

References

https://github.com/Icinga/icinga2/security/advisories/GHS...

x_refsource_CONFIRM

https://github.com/Icinga/icinga2/pull/6521

x_refsource_MISC

https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7...

x_refsource_MISC

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2025
Vulnerability Reserved
Oct 3, 2025

.

CVE-2025-61908 : Segmentation Fault Vulnerability in Icinga 2 Monitoring System