CVE Tools
Sign in

CVE-2025-48057

Icinga 2 certificate renewal might incorrectly renew an invalid certificate

Published: May 27, 2025Updated: Dec 5, 2025 Sources: CVE List NVDCWE-296
NVD MITRE
9.8CVSSCRITICAL
EPSS Score
0.4%
Top 67.1%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can be used to impersonate trusted nodes. This only occurs when Icinga 2 is built with OpenSSL older than version 1.1.0. This issue has been patched in versions 2.12.12, 2.13.12, and 2.14.6.

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:HI:HA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High
Open in CVSS calculator →

Weaknesses

CWE-296

Affected Products

icinga2Icinga
On-prem
Enterprise Software / itsm-monitoring
icingaicinga
On-prem
Enterprise Software / itsm-monitoring
icingaoss-projectUSEnterprise Softwareaka icinga web 2, icinga2, icinga

Exploitability

Official Patch Available

References

https://github.com/Icinga/icinga2/security/advisories/GHSA-7vcf-f5v9-3wr6
github.com
https://github.com/Icinga/icinga2/commit/34c93a2542bbe4e9886d15bc17ec929ead1aa152
github.com
https://github.com/Icinga/icinga2/commit/4023128be42b18a011dda71ddee9ca79955b89cb
github.com
and 3 more references View all →

Timeline

Published
May 27, 2025
Last Updated
Dec 5, 2025

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2025-48057 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows