CVE-2025-61909

MEDIUM EPSS 9.4%
Published Oct 16, 2025 (8mo ago) · Modified Jun 17, 2026 (2w ago)
4.0 CVSS 4.0
Medium

Description

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and the logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user, but send the signal as the root user. This can allow the Icinga user to send signals to processes it would otherwise not be permitted to signal. A fix is included in the following Icinga 2 versions: 2.15.1, 2.14.7, and 2.13.13.

CVSS Details

Base Score
4.0
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required High
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
9.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-250

Affected Products 3

Vendor   Product   Version   Range
icinga   icinga    *         ≥2.10.0 – <2.13.13
icinga   icinga    *         ≥2.14.0 – <2.14.7
icinga   icinga    2.15.0    any

References 4

  • github.com https://github.com/Icinga/icinga2/commit/51ec73cbd922a76fc0f60e1d8d33acd7caa5d587
    Patch
  • github.com https://github.com/Icinga/icinga2/issues/10527
    Issue Tracking
  • github.com https://github.com/Icinga/icinga2/security/advisories/GHSA-pg6g-g99v-mw46
    Patch, Vendor Advisory
  • icinga.com https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4
    Release Notes

Remediation

  • github.com https://github.com/Icinga/icinga2/commit/51ec73cbd922a76fc0f60e1d8d33acd7caa5d587
    Patch
  • github.com https://github.com/Icinga/icinga2/security/advisories/GHSA-pg6g-g99v-mw46
    Patch, Vendor Advisory