PT-2025-44461 · Unknown · Nagios Fusion

Published: 2025-10-30 · Updated: 2025-10-31 · CVE-2025-34249

CVSS v4.0: 10
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Nagios Fusion versions prior to 2024R2.1

Description: The application lacks proper rate limiting or account lockout mechanisms for repeated failed Two-Factor Authentication (2FA) verification attempts. This allows a remote attacker to repeatedly guess second-factor codes for a targeted account. By exploiting this deficiency, an attacker could potentially bypass 2FA and successfully authenticate to accounts protected by it.

Recommendations: Update to version 2024R2.1 or later.

Fix

Weakness Enumeration: Improper Restriction of Excessive Authentication Attempts

Related Identifiers

BDU:2025-15971
CVE-2025-34249

Affected Products

Nagios Fusion