CVE-2025-30164 — Open Redirect in Icingaweb2

CWE-601 — Open Redirect4 documents4 sources

Severity

6.1MEDIUMNVD

CNA4.1

EPSS

0.1%

top 76.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Icinga Icingaweb2 Icinga WEB 2

Timeline

PublishedMar 26

Description

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user (or one that is able to authenticate), allows to manipulate the backend to redirect the user to any location. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. No known workarounds are available.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5icinga/icingaweb2< 2.11.5+1

▶NVDicinga/icinga_web_22.12.0 — 2.12.3+1

▶Debianicinga/icingaweb2< 2.12.4-1+1

🔴Vulnerability Details

CVEList

Icinga Web 2 has open redirect on login page↗2025-03-26

▶

OSV

CVE-2025-30164: Icinga Web 2 is an open source monitoring web interface, framework and command-line interface↗2025-03-26

▶

📋Vendor Advisories

Debian

CVE-2025-30164: icingaweb2 - Icinga Web 2 is an open source monitoring web interface, framework and command-l...↗2025

▶