CVE-2025-48057 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-48057 Interim 1 4 2025-08-13T23:16:01Z current 2025-05-28T23:12:16Z 2025-08-13T23:16:01Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-48057 Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can be used to impersonate trusted nodes. This only occurs when Icinga 2 is built with OpenSSL older than version 1.1.0. This issue has been patched in versions 2.12.12, 2.13.12, and 2.14.6. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-updates/2025-August/041198.html E-Mail link for SUSE-SU-2025:02783-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PMOYZI6ZEZAH5LWUMEKA4PQC52MM7SME/ E-Mail link for openSUSE-SU-2025:15180-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 openSUSE Tumbleweed icinga2-2.14.6-1.1 icinga2-2.8.2-3.11.2 icinga2-bin-2.14.6-1.1 icinga2-bin-2.8.2-3.11.2 icinga2-common-2.14.6-1.1 icinga2-common-2.8.2-3.11.2 icinga2-doc-2.14.6-1.1 icinga2-doc-2.8.2-3.11.2 icinga2-ido-mysql-2.14.6-1.1 icinga2-ido-mysql-2.8.2-3.11.2 icinga2-ido-pgsql-2.14.6-1.1 icinga2-ido-pgsql-2.8.2-3.11.2 icinga2-libs-2.8.2-3.11.2 nano-icinga2-2.14.6-1.1 vim-icinga2-2.14.6-1.1 vim-icinga2-2.8.2-3.11.2 icinga2-2.8.2-3.11.2 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-bin-2.8.2-3.11.2 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-common-2.8.2-3.11.2 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-doc-2.8.2-3.11.2 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-ido-mysql-2.8.2-3.11.2 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-ido-pgsql-2.8.2-3.11.2 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-libs-2.8.2-3.11.2 as a component of SUSE Linux Enterprise Module for HPC 12 vim-icinga2-2.8.2-3.11.2 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-2.14.6-1.1 as a component of openSUSE Tumbleweed icinga2-bin-2.14.6-1.1 as a component of openSUSE Tumbleweed icinga2-common-2.14.6-1.1 as a component of openSUSE Tumbleweed icinga2-doc-2.14.6-1.1 as a component of openSUSE Tumbleweed icinga2-ido-mysql-2.14.6-1.1 as a component of openSUSE Tumbleweed icinga2-ido-pgsql-2.14.6-1.1 as a component of openSUSE Tumbleweed nano-icinga2-2.14.6-1.1 as a component of openSUSE Tumbleweed vim-icinga2-2.14.6-1.1 as a component of openSUSE Tumbleweed Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can be used to impersonate trusted nodes. This only occurs when Icinga 2 is built with OpenSSL older than version 1.1.0. This issue has been patched in versions 2.12.12, 2.13.12, and 2.14.6. CVE-2025-48057 SUSE Linux Enterprise Module for HPC 12:icinga2-2.8.2-3.11.2 SUSE Linux Enterprise Module for HPC 12:icinga2-bin-2.8.2-3.11.2 SUSE Linux Enterprise Module for HPC 12:icinga2-common-2.8.2-3.11.2 SUSE Linux Enterprise Module for HPC 12:icinga2-doc-2.8.2-3.11.2 SUSE Linux Enterprise Module for HPC 12:icinga2-ido-mysql-2.8.2-3.11.2 SUSE Linux Enterprise Module for HPC 12:icinga2-ido-pgsql-2.8.2-3.11.2 SUSE Linux Enterprise Module for HPC 12:icinga2-libs-2.8.2-3.11.2 SUSE Linux Enterprise Module for HPC 12:vim-icinga2-2.8.2-3.11.2 openSUSE Tumbleweed:icinga2-2.14.6-1.1 openSUSE Tumbleweed:icinga2-bin-2.14.6-1.1 openSUSE Tumbleweed:icinga2-common-2.14.6-1.1 openSUSE Tumbleweed:icinga2-doc-2.14.6-1.1 openSUSE Tumbleweed:icinga2-ido-mysql-2.14.6-1.1 openSUSE Tumbleweed:icinga2-ido-pgsql-2.14.6-1.1 openSUSE Tumbleweed:nano-icinga2-2.14.6-1.1 openSUSE Tumbleweed:vim-icinga2-2.14.6-1.1 important 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H