CVE-2025-48057

CRITICAL EPSS 33.1%
Published May 27, 20251y ago · Modified Jun 17, 20261w ago
9.3 CVSS 4.0
Critical
Find Similar
Published May 27, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can be used to impersonate trusted nodes. This only occurs when Icinga 2 is built with OpenSSL older than version 1.1.0. This issue has been patched in versions 2.12.12, 2.13.12, and 2.14.6.

CVSS Details

Base Score
9.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
33.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-296

Affected Products 3

VendorProductVersionRange
icingaicinga* <2.12.12
icingaicinga*≥2.13.0  –  <2.13.12
icingaicinga*≥2.14.0  –  <2.14.6

References 6

  • github.com https://github.com/Icinga/icinga2/commit/34c93a2542bbe4e9886d15bc17ec929ead1aa152
    Patch
  • github.com https://github.com/Icinga/icinga2/commit/4023128be42b18a011dda71ddee9ca79955b89cb
    Patch
  • github.com https://github.com/Icinga/icinga2/commit/60f75f4a3d5cbb234eb3694ba7e9076a1a5b8776
    Patch
  • github.com https://github.com/Icinga/icinga2/commit/9ad5683aab9eb392c6737ff46c830a945c9e240f
    Patch
  • github.com https://github.com/Icinga/icinga2/commit/9b2c05d0cc09210bdeade77cf9a73859250fc48d
    Patch
  • github.com https://github.com/Icinga/icinga2/security/advisories/GHSA-7vcf-f5v9-3wr6
    PatchVendor Advisory

Remediation

  • github.com https://github.com/Icinga/icinga2/commit/34c93a2542bbe4e9886d15bc17ec929ead1aa152
    Patch
  • github.com https://github.com/Icinga/icinga2/commit/4023128be42b18a011dda71ddee9ca79955b89cb
    Patch
  • github.com https://github.com/Icinga/icinga2/commit/60f75f4a3d5cbb234eb3694ba7e9076a1a5b8776
    Patch
  • github.com https://github.com/Icinga/icinga2/commit/9ad5683aab9eb392c6737ff46c830a945c9e240f
    Patch
  • github.com https://github.com/Icinga/icinga2/commit/9b2c05d0cc09210bdeade77cf9a73859250fc48d
    Patch
  • github.com https://github.com/Icinga/icinga2/security/advisories/GHSA-7vcf-f5v9-3wr6
    PatchVendor Advisory