CVE-2025-34249

Name of the Vulnerable Software and Affected Versions Nagios Fusion versions prior to 2024R2.1

Description The application lacks proper rate limiting or account lockout mechanisms for repeated failed Two-Factor Authentication (2FA) verification attempts. This allows a remote attacker to repeatedly guess second-factor codes for a targeted account. By exploiting this deficiency, an attacker could potentially bypass 2FA and successfully authenticate to accounts protected by it.

Recommendations Update to version 2024R2.1 or later.