- Description
- Icinga Reporting is the central component for reporting-related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows setting up a template that embeds arbitrary JavaScript. This enables the attacker to act on behalf of the user if the template is previewed, and to act on behalf of the headless browser if a report using the template is printed to PDF. This issue has been resolved in version 1.0.3 of Icinga Reporting. As a workaround, review all templates and remove suspicious settings.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.6
- Impact score
- 6
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-79
🚨 CVE-2025-27406 🔴 HIGH (7.7) 🏢 Icinga - icingaweb2-module-reporting 🏗️ >= 0.10.0, < 1.0.3 🔗 https://t.co/gUm94yFGQf 🔗 https://t.co/WgFRYAwTZt #CyberCron #VulnAlert #InfoSec https://t.co/eLWHro8xOh
@cybercronai
27 Mar 2025
CVE-2025-27406 Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in ve… https://t.co/HogllPXwZy
@CVEnew
26 Mar 2025