PT-2025-17319 · Nagios · Nagios Network Analyzer

Published 2025-04-18 · Updated 2025-09-14 · CVE-2025-28059

CVSS v3.1 7.5 High

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Nagios Network Analyzer version 2024R1.0.3

Description

The issue arises from improper session invalidation and stale token handling, allowing deleted users to retain access to system resources. When a user account is deleted by an administrator, the backend fails to terminate active sessions and revoke associated API tokens, thus enabling unauthorized access to restricted functions.

Recommendations

For Nagios Network Analyzer version 2024R1.0.3, consider manually terminating all active sessions and revoking associated API tokens when a user account is deleted to prevent unauthorized access until a patch is available. As a temporary workaround, restrict access to sensitive functions and resources to minimize the risk of exploitation.
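To make the failure mode concrete, here is an added Python sketch (not Nagios code; the `Backend` class and its in-memory stores are hypothetical) that places a user deletion which leaves sessions and API tokens valid beside one that revokes them, and adds an authentication check that rejects any credential whose owner no longer exists.

```python
import secrets

class Backend:  # hypothetical in-memory stand-in for account/session/token stores
    def __init__(self, users):
        self.users = dict(users)   # user_id -> role
        self.sessions = {}         # session_id -> user_id
        self.api_tokens = {}       # token -> user_id

    def login(self, user_id):
        sid = secrets.token_hex(16)
        self.sessions[sid] = user_id
        return sid

    def issue_token(self, user_id):
        tok = secrets.token_hex(16)
        self.api_tokens[tok] = user_id
        return tok

    def delete_user_vulnerable(self, user_id):
        # The flaw in the advisory: the account goes away, but every
        # session and API token issued to it stays valid.
        self.users.pop(user_id, None)

    def delete_user_fixed(self, user_id):
        # Cascade: revoke everything bound to the account in the same step.
        self.users.pop(user_id, None)
        self.sessions = {s: u for s, u in self.sessions.items() if u != user_id}
        self.api_tokens = {t: u for t, u in self.api_tokens.items() if u != user_id}

    def resolve_naive(self, session_id=None, token=None):
        # Trusts the session/token tables alone, so a stale entry still
        # maps to a user_id after the account row is gone.
        return self.sessions.get(session_id) or self.api_tokens.get(token)

    def resolve_checked(self, session_id=None, token=None):
        # Defence in depth: the credential must map to a user that still
        # exists, so a missed revocation cannot grant access.
        uid = self.resolve_naive(session_id, token)
        return uid if uid in self.users else None

def demo():
    """Returns what each resolver yields for a deleted user's credentials."""
    b = Backend({"alice": "admin", "bob": "user"})
    sid, tok = b.login("bob"), b.issue_token("bob")
    b.delete_user_vulnerable("bob")
    stale_naive = b.resolve_naive(session_id=sid)   # "bob": stale session accepted
    stale_checked = b.resolve_checked(token=tok)    # None: rejected by the check
    b.users["bob"] = "user"                         # re-create, then delete properly
    b.delete_user_fixed("bob")
    return stale_naive, stale_checked, b.resolve_naive(session_id=sid, token=tok)
```

The existence check in `resolve_checked` is the safety net; the cascading revocation in `delete_user_fixed` is the actual fix the advisory calls for.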

Fix

Weakness Enumeration

Insufficient Session Expiration

Related Identifiers

CVE-2025-28059

Affected Products

Nagios Network Analyzer