QwikSec

Security Database

CVE

CWE

Training

CVE-2025-61908

Published: Oct 16, 2025

Modified: Oct 16, 2025

PUBLISHED

Description

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a filter expression to crash the Icinga 2 daemon. A fix is included in the following Icinga 2 versions: 2.15.1, 2.14.7, and 2.13.13.

Vendor	Product	Versions
Icinga	icinga2	affected `>=2.10.0, < 2.13.13` affected `>=2.14.0, < 2.14.7` affected `>=2.15.0, < 2.15.1`

Weaknesses (CWE)

References

https://github.com/Icinga/icinga2/security/advisories/GHSA-v9jg-xqhj-f43g

x_refsource_CONFIRM

https://github.com/Icinga/icinga2/pull/6521

x_refsource_MISC

https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.