Unrated severityNVD Advisory· Published Oct 16, 2025· Updated Oct 16, 2025

Icinga 2 signals sent as root to processes based on PID file written by the Icinga 2 daemon user

CVE-2025-61909

Description

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user, but send the signal as the root user. This can allow the Icinga user to send signals to processes it would otherwise not permitted to. A fix is included in the following Icinga 2 versions: 2.15.1, 2.14.7, and 2.13.13.

Affected products

Icinga/Icinga2v5
Range: >=2.10.0, < 2.13.13

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Icinga/icinga2/commit/51ec73cbd922a76fc0f60e1d8d33acd7caa5d587mitrex_refsource_MISC
github.com/Icinga/icinga2/issues/10527mitrex_refsource_MISC
github.com/Icinga/icinga2/security/advisories/GHSA-pg6g-g99v-mw46mitrex_refsource_CONFIRM
icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000