CVE Alert: CVE-2025-53840
Vulnerability Summary: CVE-2025-53840
Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views, are allowed to see hosts and services that they weren’t meant to on the dependency map. However, the name of an object will not be revealed nor does this grant access to a host’s or service’s detail view. Please note that this only affects the restrictions `filter/hosts` and `filter/services`. `filter/objects` is not affected by this and restricts objects as it is supposed to. Version 1.2.2 applies these restrictions properly. As a workaround, one may downgrade to version 1.1.3.
Affected Endpoints:
No affected endpoints listed.
Published Date:
7/16/2025, 2:15:28 PM
❄️ CVSS Score:
Exploit Status:
Not ExploitedReferences:
- https://github.com/Icinga/icingadb-web/releases/tag/v1.2.2
- https://github.com/Icinga/icingadb-web/security/advisories/GHSA-q2w7-mrx8-5473
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
