PT-2025-51789 · Nagios Enterprises · Nagios Xi

Published: 2025-12-16 · Updated: 2025-12-24 · CVE-2025-34288

CVSS v4.0: 8.6 (High)

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2026R1.1

Description: The software contains a flaw that allows for local privilege escalation. This is due to an unsafe interaction between sudo permissions and application file permissions. A maintenance script accessible to users can be executed as root via sudo, and includes a file writable by a lower-privileged user. An attacker with access to the application account can modify this file to introduce malicious code, which is then executed with root privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user.

Recommendations: Update to version 2026R1.1 or later.
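The flaw class described above (a script that sudo lets a user run as root, which in turn sources a file that a lower-privileged account can write) can be caught with a permission audit before it is exploited. The script below is an added example written for this page; it is not part of the advisory and not Nagios XI's own code. It builds a constructed toy layout in a temporary directory (the file names `maintenance.sh`, `lib_ok.sh` and `lib_bad.sh` are made up and are not the real Nagios paths), finds the files a shell script sources, and reports any the script or its includes that an account outside a trusted set could modify, then shows the finding disappear once the included file's mode is tightened. Resolving relative include paths against the script's own directory is a simplification, labelled as such in the code.

```python
import os
import re
import shutil
import stat
import tempfile

# Matches POSIX shell include lines such as:  . /etc/app/lib.sh   or   source lib.sh
INCLUDE_RE = re.compile(r'^\s*(?:\.|source)\s+(["\']?)(\S+?)\1\s*(?:#.*)?$')


def find_includes(script_path):
    """Return the files a shell script sources.

    Assumption (simplification): a relative path is resolved against the script's
    own directory; a real shell would consult PATH or the working directory instead.
    """
    base = os.path.dirname(os.path.abspath(script_path))
    includes = []
    with open(script_path) as fh:
        for line in fh:
            match = INCLUDE_RE.match(line)
            if match:
                target = match.group(2)
                if not os.path.isabs(target):
                    target = os.path.join(base, target)
                includes.append(os.path.normpath(target))
    return includes


def _writable_by_others(st):
    return bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def is_tamperable(path, trusted_uids):
    """True if an account outside trusted_uids could change what the file contains.

    Checks the file's owner and mode bits, plus its directory: a directory writable
    by others without the sticky bit lets anyone replace the file outright.
    """
    st = os.lstat(path)
    if st.st_uid not in trusted_uids or _writable_by_others(st):
        return True
    parent = os.stat(os.path.dirname(path))
    if parent.st_uid not in trusted_uids:
        return True
    return _writable_by_others(parent) and not parent.st_mode & stat.S_ISVTX


def audit_sudo_script(script_path, trusted_uids=(0,)):
    """Return (path, reason) for the script and each include an untrusted user could edit."""
    trusted = set(trusted_uids)
    findings = []
    for path in [os.path.abspath(script_path)] + find_includes(script_path):
        if not os.path.exists(path):
            findings.append((path, "included file missing"))
        elif is_tamperable(path, trusted):
            findings.append((path, "writable by untrusted user"))
    return findings


def build_fixture():
    """Create a constructed toy layout (not Nagios XI files): a script sourcing two helpers."""
    root = tempfile.mkdtemp(prefix="sudo-audit-")
    script = os.path.join(root, "maintenance.sh")
    helper_ok = os.path.join(root, "lib_ok.sh")
    helper_bad = os.path.join(root, "lib_bad.sh")
    with open(helper_ok, "w") as fh:
        fh.write('echo "helper only its owner can write"\n')
    with open(helper_bad, "w") as fh:
        fh.write('echo "helper a lower-privileged user can edit"\n')
    with open(script, "w") as fh:
        fh.write("#!/bin/sh\n. ./lib_ok.sh\nsource lib_bad.sh\necho maintenance done\n")
    os.chmod(script, 0o755)
    os.chmod(helper_ok, 0o644)
    os.chmod(helper_bad, 0o666)  # group/world-writable: the pattern the advisory describes
    return root, script, helper_bad


def demo():
    """Audit the fixture before and after tightening the writable helper's mode."""
    root, script, helper_bad = build_fixture()
    try:
        # Trust root and this process' uid (the fixture owner) so only mode bits decide.
        trusted = (0, os.getuid())
        before = [(os.path.basename(p), why) for p, why in audit_sudo_script(script, trusted)]
        os.chmod(helper_bad, 0o644)  # the fix: only the owner may write the included file
        after = [(os.path.basename(p), why) for p, why in audit_sudo_script(script, trusted)]
        return before, after
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    before, after = demo()
    print("before fix:", before)
    print("after fix: ", after)
```

On a real host, run `audit_sudo_script` against each script that appears as a sudo target for the application account (for example from `sudo -l` output for that account), with `trusted_uids` left at root only; any finding means a lower-privileged account controls code that runs as root, and the fix is to make that file and its directory root-owned and not group- or world-writable.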

Tags: Fix · LPE · Incorrect Permission


Weakness Enumeration

Related Identifiers: CVE-2025-34288

Affected Products: Nagios Xi