PT-2025-44514 · Nagios · Nagios Log Server

Published 2025-07-22 · Updated 2025-10-31 · CVE-2025-34271

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Nagios Log Server versions prior to 2024R2.0.2

Description

The software contains a flaw in the cluster manager component related to handling sensitive credentials. When requesting credentials from peer nodes, the communication occurs over an unencrypted channel, even with SSL/TLS enabled in the product configuration. This allows an attacker on the network to intercept credentials during transmission. Successful interception of these credentials could allow an attacker to authenticate as a cluster node or service account, potentially leading to unauthorized access, lateral movement, or system compromise.

Recommendations

Update Nagios Log Server to version 2024R2.0.2 or later.

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

BDU:2025-15424
CVE-2025-34271

Affected Products

Nagios Log Server