CVE-2025-61909
Severity CVSS v4.0:
MEDIUM
Type:
Unavailable / Other
Publication date:
16/10/2025
Last modified:
29/10/2025
Description
Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user, but send the signal as the root user. This can allow the Icinga user to send signals to processes it would otherwise not permitted to. A fix is included in the following Icinga 2 versions: 2.15.1, 2.14.7, and 2.13.13.
Impact
Base Score 4.0
4.00
Severity 4.0
MEDIUM
Base Score 3.x
4.40
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:* | 2.10.0 (including) | 2.13.13 (excluding) |
| cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:* | 2.14.0 (including) | 2.14.7 (excluding) |
| cpe:2.3:a:icinga:icinga:2.15.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/Icinga/icinga2/commit/51ec73cbd922a76fc0f60e1d8d33acd7caa5d587
- https://github.com/Icinga/icinga2/issues/10527
- https://github.com/Icinga/icinga2/security/advisories/GHSA-pg6g-g99v-mw46
- https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4