PT-2025-44525 · Nagios · Nagios Log Server
Published: 2025-10-30 · Updated: 2025-10-31 · CVE-2025-34298
CVSS v2.0: 9.0 (High), vector AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Nagios Log Server versions prior to 2024R1.3.2
Description
Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation issue in the account email-change workflow. A user can set their email to an invalid value, and due to inadequate validation and authorization checks related to email identity state, this can cause an inconsistent account state. This inconsistent state can grant elevated privileges or bypass intended access controls.
Recommendations
Update Nagios Log Server to version 2024R1.3.2 or later.
Fix
LPE
Improper Preservation of Permissions
Affected Products
Nagios Log Server