CVE-2025-30164: 
Linux Debian vulnerability analysis and mitigation

CVE-2025-30164 is a security vulnerability discovered in Icinga Web 2, an open source monitoring web interface, framework and command-line interface. The vulnerability affects versions prior to 2.11.5 and 2.12.13, allowing attackers to craft malicious URLs that can redirect authenticated users to arbitrary locations. This open redirect vulnerability was disclosed on March 26, 2025 (NVD, GitHub Advisory).

The vulnerability is classified as an Open Redirect (CWE-601) with a CVSS v3.1 base score of 4.1 (MEDIUM), using the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N. The attack requires network access, has low attack complexity, requires low privileges, and user interaction. While the scope is changed, it only affects integrity with low impact, with no impact on confidentiality or availability (GitHub Advisory).

When exploited, the vulnerability allows attackers to manipulate the backend to redirect authenticated users (or users able to authenticate) to any arbitrary location. This could potentially be used in phishing attacks or other malicious redirect scenarios (GitHub Advisory).

The vulnerability has been patched in Icinga Web 2 versions 2.11.5 and 2.12.3. No workarounds are available, making immediate upgrade to the patched versions the only solution (GitHub Release, GitHub Advisory).