PT-2025-44517 · Elastic+1 · Logstash+1

Published: 2025-08-05 · Updated: 2025-10-31 · CVE-2025-34274

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Nagios Log Server versions prior to 2024R2.0.3

Description

The software runs its embedded Logstash process as the root user. An attacker who compromises the Logstash process could therefore execute code with root privileges, potentially resulting in full system compromise. Such a compromise could occur through insecure plugins, pipeline configuration injection, or vulnerabilities in input parsing. To mitigate this risk, the Logstash service has been changed to run as the 'nagios' user.

Recommendations

Update to version 2024R2.0.3 or later.

Fix

LPE

Weakness Enumeration

Related Identifiers

BDU:2026-00267
CVE-2025-34274

Affected Products

Logstash
Nagios Log Server