CVE-2025-30164

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-30164
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30164.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-30164
Aliases
  • GHSA-8r73-6686-wv8q
Related
Published
2025-03-26T17:15:26Z
Modified
2025-03-31T05:52:52.982030Z
Downstream
Summary
[none]
Details

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user (or one that is able to authenticate), allows to manipulate the backend to redirect the user to any location. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. No known workarounds are available.

References

Affected packages

Debian:11 / icingaweb2

Package

Name
icingaweb2
Purl
pkg:deb/debian/icingaweb2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.8.2-2
2.8.3-1~exp1
2.8.4-1~exp1
2.8.4-1
2.8.5-1
2.9.3-1~exp1
2.9.3-1
2.9.4-1
2.9.5-1
2.9.6-1
2.10.0-1~exp1
2.10.1-1
2.10.2-1
2.11.0-1
2.11.0-2
2.11.0-3
2.11.0-4
2.11.1-1
2.11.2-1
2.11.2-2
2.11.3-1
2.11.4-1
2.11.4-2
2.11.4-3
2.12.0-1~exp1
2.12.0-1
2.12.1-1
2.12.2-1
2.12.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / icingaweb2

Package

Name
icingaweb2
Purl
pkg:deb/debian/icingaweb2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.11.4-2
2.11.4-2+deb12u1
2.11.4-3
2.12.0-1~exp1
2.12.0-1
2.12.1-1
2.12.2-1
2.12.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / icingaweb2

Package

Name
icingaweb2
Purl
pkg:deb/debian/icingaweb2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.12.4-1

Affected versions

2.*

2.11.4-2
2.11.4-3
2.12.0-1~exp1
2.12.0-1
2.12.1-1
2.12.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}