PT-2025-14370 · Nagios · Nagios Network Analyzer

Published: 2025-04-01 · Updated: 2025-07-11 · CVE-2025-28131

CVSS v3.1: 4.6 (Medium)

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Nagios Network Analyzer version 2024R1.0.3

Description

A Broken Access Control issue allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enabling unauthorized modifications that compromise system integrity and availability.

Recommendations

For Nagios Network Analyzer version 2024R1.0.3, consider restricting access to administrative functions until a patch is available, and review user permissions to ensure that low-privilege users cannot perform sensitive actions. As a temporary workaround, consider disabling the ability for "Read-Only" users to stop system services and delete critical resources.

Fix

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-28131

Affected Products

Nagios Network Analyzer