vulnerability

FreeBSD: VID-4553e4b3-addf-11f0-9b8d-40a6b7c3b3b8 (CVE-2025-61789): Hidden/Protected custom variables are prone to filter enumeration

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:S/C:C/I:N/A:N)	Oct 20, 2025	Dec 10, 2025	Dec 10, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:C/I:N/A:N)

Published

Oct 20, 2025

Added

Dec 10, 2025

Modified

Dec 10, 2025

Description

Icinga reports: An authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values assigned to it.

Solutions

freebsd-upgrade-package-icingaweb2-module-icingadb-php81freebsd-upgrade-package-icingaweb2-module-icingadb-php82freebsd-upgrade-package-icingaweb2-module-icingadb-php83freebsd-upgrade-package-icingaweb2-module-icingadb-php84freebsd-upgrade-package-icingaweb2-module-icingadb-php85

References

CVE-2025-61789
https://attackerkb.com/topics/CVE-2025-61789
CWE-204

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today