CVE-2025-48057Improper Following of a Certificate's Chain of Trust in Icinga2

CWE-296Improper Following of a Certificate's Chain of Trust4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
0.2%
top 57.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Icinga Icinga2Icinga
Timeline
PublishedMay 27

Description

Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Affected Packages3 packages

NVDicinga/icinga2.13.02.13.12+2
CVEListV5icinga/icinga2< 2.12.12+2
Debianicinga/icinga2< 2.14.6-1+1

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
CVEList
Icinga 2 certificate renewal might incorrectly renew an invalid certificate2025-05-27
OSV
CVE-2025-48057: Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for repo2025-05-27

📋Vendor Advisories

1
Debian
CVE-2025-48057: icinga2 - Icinga 2 is a monitoring system which checks the availability of network resourc...2025
CVE-2025-48057 — Icinga Icinga2 vulnerability | cvebase