PT-2025-47178 · Nagios · Nagios Log Server
Published: 2025-11-17 · Updated: 2025-11-17
CVE-2025-34322
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Nagios Log Server versions prior to 2026R1.0.1
Description
Nagios Log Server versions prior to 2026R1.0.1 have an authenticated command injection issue through the 'Natural Language Queries' feature. The application reads configuration values for this feature from application settings and uses them in a system command without proper validation of special characters. An authenticated user with access to global configuration can leverage this to execute arbitrary operating system commands with the privileges of the web server account, potentially compromising the Log Server host.
Recommendations
Update Nagios Log Server to version 2026R1.0.1 or later.
Exploit
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Nagios Log Server