PT-2025-44523 · Nagios Enterprises · Nagios Xi

D3Lt4 · Published 2025-09-24 · Updated 2025-10-31 · CVE-2025-34286

CVSS v4.0: 9.4
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

Nagios XI versions prior to 2026R1

Description

Nagios XI versions prior to 2026R1 contain a remote code execution issue in the Core Config Manager (CCM) Run Check command. Insufficient validation and escaping of parameters used to construct backend command lines allows an authenticated administrator to inject shell metacharacters that are executed on the server. Successful exploitation results in arbitrary command execution with the privileges of the Nagios XI web application user, potentially leading to control of the underlying host operating system.

Recommendations

Nagios XI versions prior to 2026R1 should be updated to version 2026R1 or later.

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-13776
CVE-2025-34286

Affected Products

Nagios Xi