PT-2025-14371 · Nagios · Nagios Network Analyzer

Published: 2025-04-01 · Updated: 2025-04-05 · CVE-2025-28132

CVSS v3.1: 4.6 (Medium)

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Nagios Network Analyzer version 2024R1.0.3

Description

A session management flaw allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session tokens remain valid beyond logout, allowing an attacker to impersonate users and perform actions on their behalf.

Recommendations

For Nagios Network Analyzer version 2024R1.0.3, consider implementing a session expiration mechanism that invalidates session tokens upon user logout as a temporary workaround until a patch is available. Restrict access to sensitive features and monitor user activity to minimize the risk of exploitation.

Fix

Weakness Enumeration

Insufficient Session Expiration

Related Identifiers

CVE-2025-28132

Affected Products

Nagios Network Analyzer