PT-2025-44520 · Nagios · Nagios Network Analyzer

Haoyu Li +5 · Published 2025-10-30 · Updated 2025-10-31 · CVE-2025-34280

CVSS v2.0: 9.0
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Nagios Network Analyzer versions prior to 2024R2.0.1

Description
Nagios Network Analyzer contains a flaw in how it handles LDAP certificate management. Specifically, the certificate removal process does not properly sanitize input. An authenticated administrator can exploit this to execute commands on the host system, with the privileges of the web application service, leading to remote code execution.

Recommendations
Update to version 2024R2.0.1 or later.

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-15974
CVE-2025-34280

Affected Products

Nagios Network Analyzer