How severe is CVE-2025-48057?

This vulnerability has a severity rating of CRITICAL with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-48057?

This is classified as CWE-296, which is a common weakness in software security.

CVE-2025-48057 - CRITICAL Severity | CVSS N/A

Vulnerability Description

Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can be used to impersonate trusted nodes. This only occurs when Icinga 2 is built with OpenSSL older than version 1.1.0. This issue has been patched in versions 2.12.12, 2.13.12, and 2.14.6.

Related Vulnerabilities

CVE-2021-23162

HIGH

CVSS:8.1(High)

Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre M...

CWE-2962021

CVE-2025-1146

HIGH

CVSS:8.1(High)

CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the F...

CWE-2962025

CVE-2019-3762

HIGH

CVSS:7.5(High)

Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulner...

CWE-2962019

CVE-2021-1566

HIGH

CVSS:7.4(High)

A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an...

CWE-2962021

CVE-2021-23155

MEDIUM

CVSS:6.8(Medium)

Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mo...

CWE-2962021

CVE-2021-44532

MEDIUM

CVSS:5.3(Medium)

Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating con...

CWE-2962021