CVE-2025-34271
Published: 30 October 2025
Description
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Security Summary
CVE-2025-34271 is a critical vulnerability in Nagios Log Server versions prior to 2024R2.0.2, specifically within the cluster manager component. The issue arises when the component requests sensitive credentials from peer nodes over an unencrypted channel, even if SSL/TLS is enabled in the product configuration. This leads to cleartext transmission of sensitive information, mapped to CWE-319, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker positioned on the network path between cluster nodes, such as in a man-in-the-middle scenario, can intercept these credentials in transit without requiring any privileges or user interaction. Captured credentials allow the attacker to authenticate as a cluster node or service account, facilitating unauthorized access, lateral movement across the network, or complete system compromise.
Nagios advisories recommend upgrading to version 2024R2.0.2 or later to address the vulnerability, as detailed in the product changelog and security page. Further technical analysis is provided in the VulnCheck advisory on the cluster manager's plaintext credential requests.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability causes cleartext transmission of sensitive credentials between cluster nodes, directly enabling network sniffing (T1040) to capture them and adversary-in-the-middle (T1557) positioning to intercept them without privileges.