- Last update: 28/05/2025
- Affected software:
→ Icinga 2
- Type: CWE-296: Improper Following of a Certificate's Chain of Trust
- CVE/CVSS
→ CVE-2025-48057: CVSS 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L)
https://icinga.com/blog/cve-2025-48057/
A critical vulnerability has been discovered in Icinga 2, an open-source monitoring system widely used for infrastructure and network health monitoring. The vulnerability, identified as CVE-2025-48057, affects Icinga 2 installations built with OpenSSL versions older than 1.1.0 (including default configurations on Red Hat Enterprise Linux 7 (RHEL 7) and Amazon Linux 2).
This flaw allows an attacker to impersonate trusted nodes. By exploiting this, attackers could potentially infiltrate monitoring environments, evade detection, manipulate monitoring data, or impersonate critical systems.
It affects the integrity (e.g., trust in node identity) and confidentiality (e.g., access to sensitive monitoring data), and could have an impact on availability.
Organizations should update Icinga 2 to the latest patched versions to mitigate this risk.
Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can be used to impersonate trusted nodes.
The root cause is an outdated behavior in OpenSSL versions prior to 1.1.0, where a "valid" flag stored within the certificate object could persist between validation steps. This only occurs when Icinga 2 is built with OpenSSL older than version 1.1.0.
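The two conditions above (an Icinga 2 release older than the fixed versions, and a build against OpenSSL older than 1.1.0) can be checked across an inventory. The following is an added example, not code from the CCB or the Icinga project; the host names, version strings and status labels are constructed, and it assumes that branches older than 2.12 received no fix and that branches newer than 2.14 include it.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(2, 12): (2, 12, 12), (2, 13): (2, 13, 12), (2, 14): (2, 14, 6)}
OPENSSL_SAFE_FROM = (1, 1, 0)  # the flaw needs a build against OpenSSL older than this

# Constructed inventory: (host, Icinga 2 version, OpenSSL version Icinga 2 was built with).
INVENTORY = [
    ("mon-master.example", "r2.13.7-1", "1.0.2k-fips"),
    ("mon-sat-a.example", "2.14.6", "1.0.2k-fips"),
    ("mon-sat-b.example", "2.12.11", "1.1.1w"),
    ("mon-legacy.example", "2.11.3", "1.0.2k"),
]


def parse_version(text):
    """Return the first dotted number as a 3-tuple: 'r2.13.7-1' -> (2, 13, 7)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def icinga_is_patched(icinga):
    v = parse_version(icinga)
    fixed = FIXED.get(v[:2])
    if fixed is not None:
        return v >= fixed
    # Assumption: branches before 2.12 got no fix, branches after 2.14 include it.
    return v[:2] > (2, 14)


def triage(icinga, openssl):
    """Return 'ok', 'vulnerable', or 'unpatched-not-exposed' for one host."""
    if icinga_is_patched(icinga):
        return "ok"
    if parse_version(openssl) < OPENSSL_SAFE_FROM:
        return "vulnerable"
    return "unpatched-not-exposed"


def vulnerable_hosts(inventory):
    return [host for host, icinga, openssl in inventory
            if triage(icinga, openssl) == "vulnerable"]


if __name__ == "__main__":
    for host, icinga, openssl in INVENTORY:
        print(f"{host:22} {icinga:10} {openssl:12} {triage(icinga, openssl)}")
```

The OpenSSL value fed to the check must be the library version Icinga 2 was built with, which can differ from the version reported by the system's `openssl` command.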
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
https://nvd.nist.gov/vuln/detail/CVE-2025-48057
https://github.com/Icinga/icinga2/security/advisories/GHSA-7vcf-f5v9-3wr6