CVE-2025-34079

Name of the Vulnerable Software and Affected Versions: NSClient++ version 0.5.2.35

Description: An authenticated remote code execution issue exists when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interface, inject arbitrary commands as external scripts via the "/settings/query.json" API endpoint, save the configuration, and trigger the script via the "/query/{name}" endpoint. The injected commands are executed with SYSTEM privileges, enabling full remote compromise. This capability is an intended feature, but the lack of safeguards or privilege separation makes it risky when exposed to untrusted actors.

Recommendations: For NSClient++ version 0.5.2.35, consider disabling the ExternalScripts module or restricting access to the web interface to minimize the risk of exploitation. As a temporary workaround, restrict access to the "/settings/query.json" and "/query/{name}" API endpoints until a patch is available. Avoid using the ExternalScripts module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.