PT-2025-39429 · Postgresql Global Development Group+3 · Postgres+3

Published: 2025-09-25 · Updated: 2025-09-26 · CVE-2025-34227

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2026R1

Description: Nagios XI is susceptible to an authenticated command injection issue in the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. Successful exploitation allows injection of shell characters into arguments supplied to the service, enabling the execution of arbitrary system commands on the host as the nagios user.

Recommendations: Update to version 2026R1 or later.

Weakness Enumeration: OS Command Injection

Related Identifiers: CVE-2025-34227

Affected Products

MongoDB
MySQL Server
Nagios XI
Postgres