cvedb.io
CVE-2025-27405
HIGH · CVSS 7.6
EPSS exploitation probability: 0%
Published 2025-03-26T16:15:22.983 · Last modified 2026-06-17T09:03:31.560

Summary

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of that user. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. As a workaround, those who have Icinga Web 2.12.2 may enable a content security policy in the application settings.

Affected products

icinga — icinga_web_2

Does this affect you?

Add your gear to cvedb and we'll alert you only when icinga ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.