UBUNTU-CVE-2025-61907
- Source
- https://ubuntu.com/security/CVE-2025-61907
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-61907.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-61907
- Upstream
- Published
- 2025-10-16T18:15:00Z
- Modified
- 2026-05-20T16:23:40.535482583Z
- Severity
-
- 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N CVSS Calculator
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information that should be hidden from them, including global variables not permitted by the variables permission and objects not permitted by the corresponding objects/query permissions. The vulnerability is fixed in versions 2.15.1, 2.14.7, and 2.13.13.
- References
-
- https://ubuntu.com/security/CVE-2025-61907
- https://www.cve.org/CVERecord?id=CVE-2025-61907
- https://github.com/Icinga/icinga2/security/advisories/GHSA-gg32-w9rm-vp2v
- https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4/
- https://github.com/Icinga/icinga2/commit/56255ac7a689b9e198742d2fca6f7459a54c85a3
Affected packages
Ubuntu:16.04:LTS
icinga2
Package
- Name
- icinga2
- Purl
- pkg:deb/ubuntu/icinga2?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.4.1-2ubuntu1",
"binary_name": "icinga2"
},
{
"binary_version": "2.4.1-2ubuntu1",
"binary_name": "icinga2-bin"
},
{
"binary_version": "2.4.1-2ubuntu1",
"binary_name": "icinga2-classicui"
},
{
"binary_version": "2.4.1-2ubuntu1",
"binary_name": "icinga2-common"
},
{
"binary_version": "2.4.1-2ubuntu1",
"binary_name": "icinga2-ido-mysql"
},
{
"binary_version": "2.4.1-2ubuntu1",
"binary_name": "icinga2-ido-pgsql"
},
{
"binary_version": "2.4.1-2ubuntu1",
"binary_name": "icinga2-studio"
},
{
"binary_version": "2.4.1-2ubuntu1",
"binary_name": "libicinga2"
},
{
"binary_version": "2.4.1-2ubuntu1",
"binary_name": "vim-icinga2"
}
]
}Ubuntu:18.04:LTS
icinga2
Package
- Name
- icinga2
- Purl
- pkg:deb/ubuntu/icinga2?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.8.1-0ubuntu2",
"binary_name": "icinga2"
},
{
"binary_version": "2.8.1-0ubuntu2",
"binary_name": "icinga2-bin"
},
{
"binary_version": "2.8.1-0ubuntu2",
"binary_name": "icinga2-classicui"
},
{
"binary_version": "2.8.1-0ubuntu2",
"binary_name": "icinga2-common"
},
{
"binary_version": "2.8.1-0ubuntu2",
"binary_name": "icinga2-ido-mysql"
},
{
"binary_version": "2.8.1-0ubuntu2",
"binary_name": "icinga2-ido-pgsql"
},
{
"binary_version": "2.8.1-0ubuntu2",
"binary_name": "icinga2-studio"
},
{
"binary_version": "2.8.1-0ubuntu2",
"binary_name": "libicinga2"
},
{
"binary_version": "2.8.1-0ubuntu2",
"binary_name": "vim-icinga2"
}
]
}Ubuntu:20.04:LTS
icinga2
Package
- Name
- icinga2
- Purl
- pkg:deb/ubuntu/icinga2?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.11.2-1ubuntu3",
"binary_name": "icinga2"
},
{
"binary_version": "2.11.2-1ubuntu3",
"binary_name": "icinga2-bin"
},
{
"binary_version": "2.11.2-1ubuntu3",
"binary_name": "icinga2-common"
},
{
"binary_version": "2.11.2-1ubuntu3",
"binary_name": "icinga2-ido-mysql"
},
{
"binary_version": "2.11.2-1ubuntu3",
"binary_name": "icinga2-ido-pgsql"
},
{
"binary_version": "2.11.2-1ubuntu3",
"binary_name": "vim-icinga2"
}
]
}Ubuntu:22.04:LTS
icinga2
Package
- Name
- icinga2
- Purl
- pkg:deb/ubuntu/icinga2?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.13.2-1build2",
"binary_name": "icinga2"
},
{
"binary_version": "2.13.2-1build2",
"binary_name": "icinga2-bin"
},
{
"binary_version": "2.13.2-1build2",
"binary_name": "icinga2-common"
},
{
"binary_version": "2.13.2-1build2",
"binary_name": "icinga2-ido-mysql"
},
{
"binary_version": "2.13.2-1build2",
"binary_name": "icinga2-ido-pgsql"
},
{
"binary_version": "2.13.2-1build2",
"binary_name": "vim-icinga2"
}
]
}Ubuntu:24.04:LTS
icinga2
Package
- Name
- icinga2
- Purl
- pkg:deb/ubuntu/icinga2?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.14.2-1build2",
"binary_name": "icinga2"
},
{
"binary_version": "2.14.2-1build2",
"binary_name": "icinga2-bin"
},
{
"binary_version": "2.14.2-1build2",
"binary_name": "icinga2-common"
},
{
"binary_version": "2.14.2-1build2",
"binary_name": "icinga2-ido-mysql"
},
{
"binary_version": "2.14.2-1build2",
"binary_name": "icinga2-ido-pgsql"
},
{
"binary_version": "2.14.2-1build2",
"binary_name": "vim-icinga2"
}
]
}Ubuntu:25.10
icinga2
Package
- Name
- icinga2
- Purl
- pkg:deb/ubuntu/icinga2?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.15.0-1",
"binary_name": "icinga2"
},
{
"binary_version": "2.15.0-1",
"binary_name": "icinga2-bin"
},
{
"binary_version": "2.15.0-1",
"binary_name": "icinga2-common"
},
{
"binary_version": "2.15.0-1",
"binary_name": "icinga2-ido-mysql"
},
{
"binary_version": "2.15.0-1",
"binary_name": "icinga2-ido-pgsql"
},
{
"binary_version": "2.15.0-1",
"binary_name": "vim-icinga2"
}
]
}Ubuntu:26.04:LTS
icinga2
Package
- Name
- icinga2
- Purl
- pkg:deb/ubuntu/icinga2?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.15.1-1",
"binary_name": "icinga2"
},
{
"binary_version": "2.15.1-1",
"binary_name": "icinga2-bin"
},
{
"binary_version": "2.15.1-1",
"binary_name": "icinga2-common"
},
{
"binary_version": "2.15.1-1",
"binary_name": "icinga2-ido-mysql"
},
{
"binary_version": "2.15.1-1",
"binary_name": "icinga2-ido-pgsql"
},
{
"binary_version": "2.15.1-1",
"binary_name": "vim-icinga2"
}
]
}