CVE-2025-61789: CWE-204: Observable Response Discrepancy in Icinga icingadb-web
Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables to guess values assigned to it. Versions 1.1.4 and 1.2.3 respond with an error if such a custom variable is used.
AI Analysis
Technical Summary
CVE-2025-61789 is a vulnerability classified under CWE-204 (Observable Response Discrepancy) affecting Icinga DB Web, a graphical interface component of the Icinga monitoring system. The flaw exists in versions prior to 1.1.4 and in versions from 1.2.0 up to, but not including, 1.2.3. An authorized user with access to the Icinga DB Web interface can craft filters using custom variables that are intended to be protected or hidden via the icingadb/protect/variables or icingadb/denylist/variables configurations. Due to improper handling, the system's responses differ depending on whether the guessed variable value is correct, allowing the attacker to infer sensitive information by analyzing these response discrepancies. This side-channel information leak compromises confidentiality but does not allow modification of data or disruption of service. The vulnerability requires low privileges (an authorized user) and no additional user interaction. The issue was resolved in versions 1.1.4 and 1.2.3 by making the system respond with an error when such protected or hidden variables are used in a filter, which eliminates the observable discrepancy. The CVSS v3.1 score is 5.3, reflecting medium severity with a network attack vector, high attack complexity, low privileges required, no user interaction, and high confidentiality impact. No public exploits have been reported yet, but the vulnerability poses a risk to organizations relying on Icinga DB Web for monitoring critical infrastructure.
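The following simplified model is an added illustration of the discrepancy and of the fix described above; it is not Icinga DB Web code. The host data, the pattern lists, the wildcard matching and the assumption that restrictions were applied to display only are all constructed for the example.

```python
from fnmatch import fnmatchcase

# Constructed sample data: hosts and their custom variables.
HOSTS = [
    {"name": "db01", "vars": {"os": "Linux", "snmp_community": "s3cret"}},
    {"name": "web01", "vars": {"os": "Linux", "snmp_community": "public"}},
]
# Hypothetical role restrictions, modelled on icingadb/protect/variables
# and icingadb/denylist/variables (assumed: pattern lists with * wildcards).
PROTECTED = ["snmp_*"]
DENYLISTED = ["internal_*"]


class RestrictedVariableError(Exception):
    """Raised by the fixed model when a filter names a restricted variable."""


def is_restricted(var):
    return any(fnmatchcase(var, p) for p in PROTECTED + DENYLISTED)


def render(host):
    """What the user sees: protected values masked, denylisted ones dropped."""
    shown = {}
    for key, value in host["vars"].items():
        if any(fnmatchcase(key, p) for p in DENYLISTED):
            continue
        masked = any(fnmatchcase(key, p) for p in PROTECTED)
        shown[key] = "***" if masked else value
    return {"name": host["name"], "vars": shown}


def filter_before_fix(var, value):
    """Pre-fix model (assumed): restrictions affect display only, so the
    filter still runs against the real value and the row count leaks a match."""
    return [render(h) for h in HOSTS if h["vars"].get(var) == value]


def filter_after_fix(var, value):
    """Post-fix model: a restricted variable is rejected before evaluation,
    so the response is the same error whatever value was supplied."""
    if is_restricted(var):
        raise RestrictedVariableError(f"variable not allowed in filter: {var}")
    return [render(h) for h in HOSTS if h["vars"].get(var) == value]
```

In the pre-fix model the value is masked in every returned row, yet the number of rows still depends on the supplied value; in the post-fix model the error text contains only the variable name, so it cannot vary with the value.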
Potential Impact
For European organizations, the primary impact of CVE-2025-61789 is the unauthorized disclosure of sensitive monitoring configuration data or custom variable values within Icinga DB Web. This information leakage could aid attackers in reconnaissance, enabling them to better understand the monitored environment and potentially plan further attacks. Confidentiality breaches may expose internal network details, system configurations, or operational parameters that are meant to be protected. Although the vulnerability does not allow direct data modification or service disruption, the leaked information could facilitate lateral movement or privilege escalation in complex attack scenarios. Organizations in sectors with strict data protection requirements, such as finance, healthcare, and critical infrastructure, may face compliance risks if sensitive monitoring data is exposed. Since exploitation requires authorized access to the Icinga DB Web interface, the threat is more significant in environments with weak internal access controls or where user credentials may be compromised. The absence of known exploits in the wild reduces immediate risk but does not eliminate the need for prompt remediation.
Mitigation Recommendations
European organizations should take the following specific mitigation steps:
1) Upgrade Icinga DB Web to versions 1.1.4 or 1.2.3 or later, where the vulnerability is fixed.
2) Restrict access to the Icinga DB Web interface strictly to trusted and necessary personnel, enforcing strong authentication and role-based access controls to minimize the number of authorized users.
3) Monitor and audit user activities within Icinga DB Web to detect unusual filter usage or attempts to access protected variables.
4) Implement network segmentation to isolate monitoring infrastructure from general user networks, reducing the risk of unauthorized access.
5) Review and tighten the configuration of custom variables, ensuring sensitive variables are properly protected and not exposed unnecessarily.
6) Educate administrators and users about the risks of information disclosure through side channels and encourage prompt reporting of suspicious behavior.
7) Maintain up-to-date backups and incident response plans to quickly address any potential compromise stemming from information leakage.
These targeted measures go beyond generic patching by focusing on access control, monitoring, and configuration hygiene specific to the vulnerability context.
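One way to implement the monitoring in step 3 is to scan web server access logs for filters that name restricted custom variables. This is an added example, not part of the original advisory or of Icinga; the log lines, the pattern list, the `host.vars.<name>` / `service.vars.<name>` filter syntax and the combined log format are assumptions to adjust to the local deployment.

```python
import re
from collections import defaultdict
from fnmatch import fnmatchcase
from urllib.parse import unquote, urlsplit

# Assumption: patterns copied from the roles' icingadb/protect/variables and
# icingadb/denylist/variables restrictions (example values, not from the page).
RESTRICTED_PATTERNS = ["snmp_*", "*password*"]

# Combined-log-format line: client, ident, user, [time], "METHOD target PROTO".
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')
# Assumed filter syntax: <object>.vars.<name><operator><value>
VAR_RE = re.compile(r'(?:host|service)\.vars\.([\w.\-]+?)(?:!=|>=|<=|!~|[=~<>])([^&|)]*)')

# Constructed sample log lines.
SAMPLE_LOG = """\
10.0.0.5 - alice [16/Oct/2025:10:00:01 +0000] "GET /icingaweb2/icingadb/hosts?host.vars.os=Linux HTTP/1.1" 200 5120
10.0.0.9 - bob [16/Oct/2025:10:00:02 +0000] "GET /icingaweb2/icingadb/hosts?host.vars.snmp_community=value1 HTTP/1.1" 200 812
10.0.0.9 - bob [16/Oct/2025:10:00:03 +0000] "GET /icingaweb2/icingadb/hosts?host.vars.snmp_community=value2 HTTP/1.1" 200 812
10.0.0.9 - bob [16/Oct/2025:10:00:04 +0000] "GET /icingaweb2/icingadb/hosts?host.vars.snmp_community=value3 HTTP/1.1" 200 4890
10.0.0.5 - alice [16/Oct/2025:10:00:05 +0000] "GET /icingaweb2/icingadb/services?service.vars.snmp_community=x HTTP/1.1" 200 640
"""


def restricted_filter_use(log_text, min_values=3):
    """Return {(who, variable): distinct value count} for restricted variables
    that one user (or client IP, if no user is logged) filtered on with at
    least min_values different values."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, user, target = m.groups()
        who = user if user != "-" else client
        query = unquote(urlsplit(target).query)
        for var, value in VAR_RE.findall(query):
            if any(fnmatchcase(var, p) for p in RESTRICTED_PATTERNS):
                seen[(who, var)].add(value)
    return {k: len(v) for k, v in seen.items() if len(v) >= min_values}
```

On fixed versions the same requests are answered with an error, so a hit here still shows that a user is filtering on a variable their role is not meant to see.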
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-30T19:43:49.903Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68f1284b9f8a5dbaeaeb9039
Added to database: 10/16/2025, 5:15:55 PM
Last enriched: 10/16/2025, 5:29:00 PM
Last updated: 10/17/2025, 6:00:40 PM