Unrated severityNVD Advisory· Published Mar 26, 2025· Updated May 12, 2025
Icinga Web 2 has open redirect on login page
CVE-2025-30164
Description
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user (or one that is able to authenticate), allows to manipulate the backend to redirect the user to any location. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. No known workarounds are available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <2.11.5, <2.12.3
- Range: < 2.11.5
Patches
Vulnerability mechanics
References
3- github.com/Icinga/icingaweb2/releases/tag/v2.11.5mitrex_refsource_MISC
- github.com/Icinga/icingaweb2/releases/tag/v2.12.3mitrex_refsource_MISC
- github.com/Icinga/icingaweb2/security/advisories/GHSA-8r73-6686-wv8qmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.