Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values assigned to it. Versions 1.1.4 and 1.2.3 respond with an error if such a custom variable is used.
{
"cwe_ids": [
"CWE-204"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61789.json",
"cna_assigner": "GitHub_M"
}{
"cpe": "cpe:2.3:a:icinga:icinga_db_web:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.1.4"
},
{
"introduced": "1.2.0"
},
{
"fixed": "1.2.3"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}