PT-2025-8984 · Nagios · Nagios Xi

Published

2025-02-27

Updated

2025-03-03

CVE-2024-54957

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Nagios XI version 2024R1.2.2

Description The issue is an open redirect flaw located on the Tools page, which can be exploited by users with read-only permissions. This allows an attacker to craft a malicious link that redirects users to an arbitrary external URL without their consent.

Recommendations For Nagios XI version 2024R1.2.2, as a temporary workaround, consider restricting access to the Tools page until a patch is available.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2024-54957

Affected Products

Nagios Xi

PT-2025-8984 · Nagios · Nagios Xi

CVE-2024-54957

Weakness Enumeration

Related Identifiers

Affected Products

References · 8