CVE-2025-30164

Published: Mar 26, 2025Modified: Aug 1, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user (or one that is able to authenticate), allows to manipulate the backend to redirect the user to any location. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. No known workarounds are available.

Affected (2)

Products: Icinga: Icinga Web 2

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Icinga Icinga Web 2	Before 2.11.5
Icinga Icinga Web 2	From 2.12.0 to 2.12.3

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (3)

https://github.com/Icinga/icingaweb2/releases/tag/v2.11.5

Source: security-advisories@github.com

Release Notes

https://github.com/Icinga/icingaweb2/releases/tag/v2.12.3

Source: security-advisories@github.com

Release Notes

https://github.com/Icinga/icingaweb2/security/advisories/GHSA-8r73-6686-wv8q

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.