CVE-2025-61909
Icinga vulnerability analysis and mitigation

Overview

CVE-2025-61909 affects Icinga 2, an open source monitoring system, in versions from 2.10.0 up to, but not including, the fixed releases 2.15.1, 2.14.7, and 2.13.13. The vulnerability was discovered and disclosed on October 16, 2025. The safe-reload script and the logrotate configuration read the PID of the main Icinga 2 process from a PID file that is writable by the daemon user, but they send signals to that PID as the root user (GitHub Advisory).

Technical details

The vulnerability stems from a privilege escalation issue where the safe-reload script (used during systemctl reload icinga2) and logrotate configuration operate on a PID file that is writable by the daemon user while executing commands as root. The CVSS v4.0 score indicates a Medium severity with base metrics showing Local attack vector, Low attack complexity, Present attack requirements, High privileges required, and No user interaction needed (GitHub Advisory).

Impact

The vulnerability allows the Icinga user to send signals to processes it would otherwise not be permitted to access. This creates a potential privilege escalation path where the daemon user could trick root into sending signals to arbitrary processes in the system. The PID file could be replaced by a symbolic link or a named pipe, potentially leading to local denial-of-service against the reload invocation (GitHub Issue).

Mitigation and workarounds

The vulnerability has been patched in Icinga 2 versions 2.15.1, 2.14.7, and 2.13.13. For the logrotate configuration fix, users need to verify that /etc/logrotate.d/icinga2 uses the command "$DAEMON" internal signal --sig SIGHUP --pid "$pid" instead of kill -HUP "$pid". Due to package manager configuration file handling, manual verification and potential manual updates may be required if the file was previously modified locally (Icinga Blog).
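The manual verification described above can be scripted. The following is an added example, not part of the original report or of Icinga's tooling; the function names are hypothetical, the sample files are constructed, and the .rpmnew and .dpkg-dist suffixes are the standard names rpm and dpkg give a packaged config they did not install over a locally modified one.

```shell
#!/bin/sh
# Added example, not Icinga's own tooling. Classifies the signalling command
# in an Icinga 2 logrotate file using the two command forms quoted above.
# Prints: patched | vulnerable | unknown | missing

check_icinga2_logrotate() {
    file="${1:-/etc/logrotate.d/icinga2}"
    [ -r "$file" ] || { echo missing; return 3; }

    # Ignore comment lines so a commented-out command is not counted.
    active=$(grep -v '^[[:space:]]*#' "$file" || true)

    # Pre-fix form: kill -HUP (also -SIGHUP / -s HUP), run by root.
    if printf '%s\n' "$active" |
        grep -Eq '(^|[^[:alnum:]_-])kill[[:space:]]+-(s[[:space:]]+)?(SIG)?HUP'; then
        echo vulnerable; return 1
    fi
    # Fixed form: "$DAEMON" internal signal --sig SIGHUP --pid "$pid"
    if printf '%s\n' "$active" |
        grep -Eq 'internal[[:space:]]+signal[[:space:]]+--sig[[:space:]]+SIGHUP'; then
        echo patched; return 0
    fi
    echo unknown; return 2
}

# Package managers keep a locally modified config and park the shipped one
# beside it; list any such copies that still need merging by hand.
pending_packaged_copies() {
    file="${1:-/etc/logrotate.d/icinga2}"
    for suffix in rpmnew dpkg-dist; do
        [ -e "$file.$suffix" ] && echo "$file.$suffix"
    done
    return 0
}

# Dry run on constructed sample files (not copies of the packaged config).
demo() {
    tmp=$(mktemp -d)
    printf 'postrotate\n  kill -HUP "$pid"\nendscript\n' > "$tmp/old"
    printf 'postrotate\n  "$DAEMON" internal signal --sig SIGHUP --pid "$pid"\nendscript\n' > "$tmp/new"
    for f in "$tmp/old" "$tmp/new"; do
        printf '%s: %s\n' "${f##*/}" "$(check_icinga2_logrotate "$f")"
    done
    rm -rf "$tmp"
}
```

On a host, call check_icinga2_logrotate with no argument to check the installed file; a "vulnerable" result together with output from pending_packaged_copies means the fixed file was shipped but not merged into the local one.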

Community reactions

The vulnerability was responsibly disclosed and acknowledged by Icinga, with credit given to Matthias Gerstner for finding and reporting the issue. The vendor promptly released security updates across multiple version branches to address the vulnerability (Icinga Blog).

This report was generated using AI

Related Icinga vulnerabilities:

CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date
CVE-2025-48057 | CRITICAL | 9.3 | Icinga | cpe:2.3:a:icinga:icinga | No | Yes | May 27, 2025
CVE-2025-61908 | HIGH | 7.1 | Icinga | cpe:2.3:a:icinga:icinga | No | Yes | Oct 16, 2025
CVE-2025-61907 | HIGH | 7.1 | Icinga | icinga2 | No | Yes | Oct 16, 2025
CVE-2025-23203 | MEDIUM | 5.5 | Icinga | icingaweb2-module-director | No | Yes | Mar 26, 2025
CVE-2025-61909 | MEDIUM | 4 | Icinga | cpe:2.3:a:icinga:icinga | No | Yes | Oct 16, 2025