CVE-2025-34135

CVSS v4.0

5.1

Vector

AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R1.4.2

Description Nagios XI versions prior to 2024R1.4.2 configure certain systemd unit files with overly permissive permissions. Specifically, the

nagios.service

unit possesses unnecessary executable permissions. These permissions can expand the local attack surface, potentially enabling unintended execution or facilitating abuse of service operations when combined with other weaknesses.

Recommendations Update Nagios XI to version 2024R1.4.2 or later.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

BDU:2025-14491

CVE-2025-34135

Affected Products

Nagios Xi

CVE-2025-34135

Weakness Enumeration

Related Identifiers

Affected Products

References · 7