How to fix CVE-2025-30164?

Within 30 days: Identify affected systems running versions and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Open Redirect affected by CVE-2025-30164?

Organizations using versions should be aware of moderate risk from CVE-2025-30164 rated CVSS 4.1. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

Open Redirect CVE-2025-30164

MEDIUM

URL Redirection to Untrusted Site (Open Redirect) (CWE-601)

2025-03-26 [email protected]

Open Redirect Icinga Web 2 Suse

4.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Patch released

Apr 05, 2026 - 20:30 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 18:33 vuln.today

CVE Published

Mar 26, 2025 - 17:15 nvd

MEDIUM 4.1

DescriptionNVD

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user (or one that is able to authenticate), allows to manipulate the backend to redirect the user to any location. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. No known workarounds are available.

AnalysisAI

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Open Redirect (CWE-601), which allows attackers to redirect users to malicious websites via URL manipulation. Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user (or one that is able to authenticate), allows to manipulate the backend to redirect the user to any location. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. No known workarounds are available. Affected products include: Icinga Icinga Web 2. Version information: prior to 2.11.5.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate redirect destinations against an allowlist, avoid using user input in redirect URLs.

Vendor StatusVendor

CVE-2025-30164 vulnerability details – vuln.today

Back