PT-2025-44522 · Nagios Enterprises · WinRM Plugin, Nagios XI
Published: 2025-10-30 · Updated: 2025-10-31 · CVE-2025-34284
CVSS v4.0: 9.4 Critical (AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)
Name of the Vulnerable Software and Affected Versions
Nagios XI versions prior to 2024R2
Description
Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. User-supplied parameters are not properly validated, so an authenticated administrator can inject shell metacharacters into backend command invocations. Successful exploitation can lead to arbitrary command execution with the privileges of the Nagios XI web application user, which could allow an attacker to modify configuration, steal data, disrupt monitoring, or execute commands on the host operating system.
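The class of fix for this weakness, shown as an added example (not Nagios XI or plugin code): user-supplied check parameters are validated against an allowlist and passed as an argv list, so no shell ever interprets them. The plugin path, the parameter names (`host`, `username`, `port`) and the sample values are assumptions made for illustration.

```python
import re
import subprocess

# Hypothetical plugin path and parameter names; the advisory does not list them.
PLUGIN = "/usr/local/nagios/libexec/check_winrm_example"  # placeholder path
ALLOWED = {
    "host": re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?"),
    "username": re.compile(r"[A-Za-z0-9._@\\-]{1,104}"),  # allows DOMAIN\user
    "port": re.compile(r"[0-9]{1,5}"),
}


class InvalidParameter(ValueError):
    """Raised when a user-supplied value fails allowlist validation."""


def build_argv(params):
    """Validate each user-supplied value and return an argv list (no shell)."""
    argv = [PLUGIN]
    for name in sorted(params):
        value = params[name]
        pattern = ALLOWED.get(name)
        if pattern is None:
            raise InvalidParameter(f"unknown parameter: {name}")
        # fullmatch rejects anything outside the allowlist, including
        # shell metacharacters, whitespace and a leading "-"
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise InvalidParameter(f"rejected value for {name}")
        if name == "port" and not 1 <= int(value) <= 65535:
            raise InvalidParameter("port out of range")
        # "--name=value" keeps a value from being parsed as a separate option
        argv.append(f"--{name}={value}")
    return argv


def run_check(params, timeout=30):
    """Run the plugin with shell=False so metacharacters are never interpreted."""
    return subprocess.run(build_argv(params), shell=False, capture_output=True,
                          text=True, timeout=timeout, check=False)


def is_accepted(params):
    """Return True if every parameter passes validation (constructed helper)."""
    try:
        build_argv(params)
        return True
    except InvalidParameter:
        return False
```

Validation and shell-free invocation are complementary: the allowlist limits what reaches the plugin, and the argv list removes the shell from the path even if a pattern is later loosened.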
Recommendations
Update Nagios XI to version 2024R2 or later.
Fix
OS Command Injection
Affected Products
Nagios XI
WinRM Plugin