PT-2025-53775 · Nagios Xi · Nagios Xi
Yongye · Published 2025-12-16 · Updated 2025-12-30 · CVE-2025-67255
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
NagiosXI version 2026R1.0.1 build 1762361101
Description
Dashboard parameters in the software are not sufficiently filtered, which allows authenticated users to exploit a SQL injection issue. The vulnerability allows unauthorized access to the database through crafted requests to the dashboard.
Recommendations
Apply proper filtering to dashboard parameters to prevent SQL injection attacks.
Fix
SQL injection
Affected Products
Nagios Xi