Home > Vulnerability Database > CVE-2025-53840

Mend.io Vulnerability Database

CVE-2025-53840

Good to know:

Date: July 16, 2025

Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views, are allowed to see hosts and services that they weren't meant to on the dependency map. However, the name of an object will not be revealed nor does this grant access to a host's or service's detail view. Please note that this only affects the restrictions "filter/hosts" and "filter/services". "filter/objects" is not affected by this and restricts objects as it is supposed to. Version 1.2.2 applies these restrictions properly. As a workaround, one may downgrade to version 1.1.3.

Severity Score

2.4

Related Resources (4)

Url: https://github.com/Icinga/icingadb-web/security/advisories/GHSA-q2w7-mrx8-5473

Url: https://github.com/Icinga/icingadb-web/releases/tag/v1.2.2

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-53840

Url: https://www.mend.io/vulnerability-database/CVE-2025-53840

Severity Score

2.4

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version https://github.com/Icinga/icingadb-web.git - v1.2.2

Learn More

CVSS v3.1

Base Score:	2.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-53840

Good to know:

Date: July 16, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?