Home

Description

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user, but send the signal as the root user. This can allow the Icinga user to send signals to processes it would otherwise not permitted to. A fix is included in the following Icinga 2 versions: 2.15.1, 2.14.7, and 2.13.13.

PUBLISHED Reserved 2025-10-03 | Published 2025-10-16 | Updated 2025-10-16 | Assigner GitHub_M




MEDIUM: 4.0CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H

Problem types

CWE-250: Execution with Unnecessary Privileges

Product status

>=2.10.0, < 2.13.13
affected

>=2.14.0, < 2.14.7
affected

>=2.15.0, < 2.15.1
affected

References

github.com/...cinga2/security/advisories/GHSA-pg6g-g99v-mw46

github.com/Icinga/icinga2/issues/10527

github.com/...ommit/51ec73cbd922a76fc0f60e1d8d33acd7caa5d587

icinga.com/...and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4

cve.org (CVE-2025-61909)

nvd.nist.gov (CVE-2025-61909)

Download JSON