Icinga 2 Open Source Monitoring System Vulnerability
CVE-2025-61909

4 MEDIUM

Key Information:

Vendor

Icinga

Status
Vendor
CVE Published:
16 October 2025

What is CVE-2025-61909?

Icinga 2, an open-source monitoring system, has a vulnerability that allows the daemon user to interact with the system's main process inappropriately. The issue stems from the safe-reload script (used during systemctl reload operations) and the logrotate configuration, both of which read the PID from a writable file. As a result, the Icinga user can send signals to processes that would normally require root permissions, potentially leading to unauthorized command execution and process manipulation. Fixes for this vulnerability are included in versions 2.15.1, 2.14.7, and 2.13.13.
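The check below is an added example, not code from Icinga or from its fix: it audits whether a PID file can be trusted by a root-run script before that script signals the PID it contains. The function names and the `trusted_uids` parameter are assumptions made for illustration, and the PID file path must be supplied from your own installation.

```python
import os
import stat
import sys


def pidfile_trust_issues(path, trusted_uids=frozenset({0})):
    """List reasons a privileged script should not trust the PID stored in `path`."""
    issues = []
    parent = os.path.dirname(os.path.abspath(path))
    # Check the file and its directory: write access to the directory is
    # enough to replace the file with one naming a different PID.
    for label, target in (("pidfile", path), ("directory", parent)):
        st = os.lstat(target)  # lstat: do not follow a planted symlink
        if stat.S_ISLNK(st.st_mode):
            issues.append(f"{label} is a symlink")
            continue
        if st.st_uid not in trusted_uids:
            issues.append(f"{label} owned by uid {st.st_uid}")
        # Conservative: any group or world write bit is reported.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            issues.append(f"{label} is group/world-writable")
    return issues


def read_trusted_pid(path, trusted_uids=frozenset({0})):
    """Return the PID from `path`, or raise if an unprivileged user could have set it."""
    issues = pidfile_trust_issues(path, trusted_uids)
    if issues:
        raise PermissionError(f"refusing to use {path}: " + "; ".join(issues))
    with open(path, encoding="ascii") as fh:
        pid = int(fh.read().strip())
    if pid <= 1:
        # 0, -1 and negative values address process groups or every process.
        raise ValueError(f"suspicious PID value {pid} in {path}")
    return pid


if __name__ == "__main__":
    # Usage: python3 pidfile_audit.py /path/to/daemon.pid  (path is site-specific)
    problems = pidfile_trust_issues(sys.argv[1])
    print("\n".join(problems) if problems else "pidfile and directory are root-controlled")
    sys.exit(1 if problems else 0)
```

A non-empty result on a system where root-run reload or log rotation signals the PID from that file indicates the condition this CVE describes.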

Affected Version(s)

icinga2 >=2.10.0, < 2.13.13 < 2.10.0, 2.13.13

icinga2 >=2.14.0, < 2.14.7 < 2.14.0, 2.14.7

icinga2 >=2.15.0, < 2.15.1 < 2.15.0, 2.15.1

References

CVSS V4

Score:
4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
