CVE-2025-34280

Sažetak

Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the underlying host in the context of the web application service, resulting in remote code execution with the service's privileges.

Reference

https://www.nagios.com/changelog/nagios-network-analyzer/
https://www.nagios.com/products/security/#network-analyzer
https://www.vulncheck.com/advisories/nagios-network-analyzer-rce-in-ldap-certificate-removal-function

CVSS

Base:	7.2
Impact:	5.9
Exploitability:	1.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

06-11-2025 - 18:15

Objavljeno

30-10-2025 - 22:15