CVE-2025-34078

Name of the Vulnerable Software and Affected Versions: NSClient++ version 0.5.2.35

Description: A local privilege escalation issue exists when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. An attacker can extract this password, authenticate to the NSClient++ web interface (typically accessible on port 8443), and abuse the ExternalScripts plugin to inject and execute arbitrary commands as SYSTEM. This can be done by registering a custom script, saving the configuration, and triggering it via the API.

Recommendations: For NSClient++ version 0.5.2.35, consider disabling the ExternalScripts feature and restricting access to the web interface until a secure configuration or update is available. As a temporary workaround, restrict access to the nsclient.ini configuration file to prevent local users from reading the administrative password.