Browse all 28 CVE security advisories affecting Icinga. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Icinga is an open-source network monitoring system designed to track the availability and performance of IT infrastructure components, serving as a scalable alternative to Nagios. Its architecture relies on a master-satellite topology, allowing distributed monitoring across complex environments. Historically, security assessments have identified vulnerabilities primarily within its web interface and API components, with common flaw classes including cross-site scripting (XSS), improper access control, and remote code execution (RCE). These issues often stem from insufficient input validation or misconfigured permissions in older releases. While no single catastrophic breach has defined its public history, the accumulation of twenty-seven recorded CVEs highlights the necessity for rigorous patch management. Administrators must prioritize updating to mitigate risks associated with exposed endpoints, ensuring that the monitoring tool itself does not become an entry point for attackers seeking to compromise underlying network assets.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-61789 | Icinga DB Web hidden/protected custom variables are prone to filter enumeration (icingadb-web, CWE-204) | 5.3 | Medium | 2025-10-16 |
| CVE-2025-53840 | Icinga DB Web Exposure of Sensitive Information to an Unauthorized Actor vulnerability (icingadb-web, CWE-200) | 2.4 | Low | 2025-07-16 |
This page lists every published CVE security advisory associated with Icinga. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.