Important: Icinga2 security update
Type/Severity
NetEye Product Security has rated this update as having a High security impact.
Topic
An update for the icinga2 packages is now available for NetEye 4.
Security Fix for NetEye 4.44
2.15.1_neteye1.61.3-1
CVEs
- CVE-2025-61907: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
- CVE-2025-61908: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
- CVE-2025-61909: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H
The CVEs include three different vulnerabilities: an Information Disclosure, a Denial of Service and a Limited Privilege Escalation.
For a detailed overview of the security issues, including the impact, CVSS score, acknowledgments, and other relevant information, please refer to the official Icinga release notes and to the links provided in the References section below.
For details on how to apply this update, which includes the changes described in this advisory, refer to the NetEye Update Section in the User Guide.
Affected Products
All NetEye 4.x versions >=4.3.
References
- https://neteye.guide/current/security-policy/bugfix-policy.html#severity-levels
- https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4/
- https://github.com/Icinga/icinga2/security/advisories/GHSA-gg32-w9rm-vp2v
- https://github.com/Icinga/icinga2/security/advisories/GHSA-v9jg-xqhj-f43g
- https://github.com/Icinga/icinga2/security/advisories/GHSA-pg6g-g99v-mw46
Full Stack Developer at Wuerth Phoenix. I love questioning myself, find new challenges to learn and new adventures to grow up. PHP lover trying to expand my skills studying new languages and tools to improve my professional life.
Author
Latest posts by Gianluca Piccolo
12. 11. 2024
Bug Fixes
NetEye 4 – Security Advisory