CVE-2025-48057 – Icinga 2 OpenSSL Certificate Validation Bypass

May 27, 2025

CVE ID : CVE-2025-48057

Published : May 27, 2025, 5:15 p.m. | 17 minutes ago

Description : Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can be used to impersonate trusted nodes. This only occurs when Icinga 2 is built with OpenSSL older than version 1.1.0. This issue has been patched in versions 2.12.12, 2.13.12, and 2.14.6.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5249 – PHPGurukul News Portal Project SQL Injection Vulnerability

Next Article CVE-2025-23247 – NVIDIA CUDA Toolkit ELF Buffer Overflow Vulnerability

Highlights

CVE-2025-4155 – PHPGurukul Boat Booking System SQL Injection Vulnerability

May 1, 2025

CVE ID : CVE-2025-4155

Published : May 1, 2025, 8:15 a.m. | 3 hours, 38 minutes ago

Description : A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/edit-boat.php. The manipulation of the argument bid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

How Red Hat just quietly, radically transformed enterprise server Linux

OpenAI wants ChatGPT to be your ‘super assistant’ – what that means

The best Linux VPNs of 2025: Expert tested and reviewed

One of my favorite gaming PCs is 60% off right now

`document.currentScript` is more useful than I thought.

`document.currentScript` is more useful than I thought.

Adobe Sensei and GenAI in Practice for Enterprise CMS

Over The Air Updates for React Native Apps

You can now open ChatGPT on Windows 11 with Win+C (if you change the Settings)

You can now open ChatGPT on Windows 11 with Win+C (if you change the Settings)

Microsoft says Copilot can use location to change Outlook’s UI on Android

TempoMail — Command Line Temporary Email in Linux

CVE-2025-48057 – Icinga 2 OpenSSL Certificate Validation Bypass

Chrome Zero-Day Alert: CVE-2025-5419 Actively Exploited in the Wild

CISA Adds 5 Actively Exploited Vulnerabilities to KEV Catalog: ASUS Routers, Craft CMS, and ConnectWise Targeted

CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS

Kitchen and Bath Remodeling

Cultural Adaptation with the Best Abroad Education Consultants in India

CISA Warns of Apache HTTP Server Escape Vulnerability Exploited in the Wild

CVE-2025-4155 – PHPGurukul Boat Booking System SQL Injection Vulnerability

Gemini breaks new ground: a faster model, longer context and AI agents

CoGUI Phishing Kit: Advanced Evasion Tactics Target Japan

The tiniest Raspberry Pi – the $5 Pico 2 – gets a big performance boost

CVE-2025-48057 – Icinga 2 OpenSSL Certificate Validation Bypass

Related Posts