PT-2025-43977 · Unknown · Nagios Fusion
Published: 2025-10-27 · Updated: 2025-10-28
CVE-2025-60424
CVSS v3.1: 7.6 (High)
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions
Nagios Fusion versions 2024R1.2 through 2024R2
Description
A missing rate limit in the OTP verification component allows attackers to bypass authentication through brute-force attacks.
Recommendations
Apply a rate limit to the OTP verification component in Nagios Fusion version 2024R1.2.
Apply a rate limit to the OTP verification component in Nagios Fusion version 2024R2.
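One way such a limit can work, shown as an added example that is not Nagios Fusion code: a per-account cap on failed OTP attempts with a temporary lockout. The class and function names and the two policy constants are assumptions chosen for illustration.

```python
import hmac
import time

MAX_FAILURES = 5        # assumed policy value, not taken from the advisory
LOCKOUT_SECONDS = 900   # assumed policy value, not taken from the advisory


class OtpVerifier:
    """Hypothetical OTP check that caps failed attempts per account."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        # account -> (failures so far, time until which the account is locked)
        self._state = {}

    def verify(self, account, submitted, expected):
        """Return 'ok', 'invalid' or 'locked'."""
        now = self._clock()
        failures, locked_until = self._state.get(account, (0, 0.0))
        # Refuse before comparing: while locked, even a correct code is
        # rejected, so further guesses reveal nothing about the OTP.
        if now < locked_until:
            return "locked"
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(submitted.encode(), expected.encode()):
            self._state.pop(account, None)
            return "ok"
        failures += 1
        if failures >= MAX_FAILURES:
            # Key the lock on the account, not the source address, so
            # spreading guesses across addresses does not reset the budget.
            self._state[account] = (0, now + LOCKOUT_SECONDS)
        else:
            self._state[account] = (failures, 0.0)
        return "invalid"


def guesses_compared(verifier, account, expected, guesses):
    """Count the guesses that were actually compared against the OTP."""
    return sum(1 for guess in guesses
               if verifier.verify(account, guess, expected) != "locked")
```

With a six-digit code and these values, one lockout window exposes at most 5 of the 1,000,000 possible codes; a production version would also keep the counters in shared storage so they survive restarts and apply across application nodes.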
Exploit
Fix
Improper Restriction of Excessive Authentication Attempts
Improper Authentication
Related Identifiers
Affected Products
Nagios Fusion