PT-2025-44518 · Nagios · Nagios Log Server
Institute · Published 2025-02-04 · Updated 2025-10-31
CVE-2025-34277
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Nagios Log Server versions prior to 2024R1.3.1
Description
The software contains a code injection issue: an internal API processes dashboard ID values without adequate validation or sanitization. An attacker can supply crafted dashboard ID values to execute arbitrary code within the Log Server process. The vulnerable parameter is the dashboard ID.
Recommendations
Update to version 2024R1.3.1 or later.
Fix
RCE
Code Injection
Affected Products
Nagios Log Server