CVE-2025-34274
Published: 30 October 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-34274 is an execution-with-unnecessary-privileges weakness (CWE-250) in Nagios Log Server versions prior to 2024R2.0.3: the embedded Logstash process runs as the root user. Logstash is the network-facing ingestion component that parses untrusted log data from remote senders and loads third-party plugins, so running it as root turns any compromise of that one process into a compromise of the whole host. The assigned CVSS v3.1 base score is 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); the high confidentiality, integrity and availability impacts reflect that a foothold in Logstash immediately becomes root on the appliance.
The weakness is not a remote code execution flaw on its own; it removes the privilege boundary that would otherwise contain one. A remote, unauthenticated attacker who first gains control of the Logstash process, for example through an insecure plugin, injection into a pipeline configuration, or a flaw in input parsing, inherits root and can execute arbitrary code, read or alter any file, and take over the affected Nagios Log Server host outright.
Nagios addressed the issue in Log Server 2024R2.0.3 by running the Logstash service as the lower-privileged 'nagios' user instead of root, so that a compromise of a component that parses untrusted input and loads third-party code no longer yields root. Further details are in the Nagios Log Server changelog at https://www.nagios.com/changelog/#log-server, the Nagios security advisories page at https://www.nagios.com/products/security/#log-server-2024R2, and the VulnCheck advisory at https://www.vulncheck.com/advisories/nagios-log-server-logstash-process-root-privileges. Practitioners should upgrade to 2024R2.0.3 or later, confirm after the upgrade that the Logstash process no longer runs as root, and review pipeline configurations and installed plugins for untrusted inputs that could serve as an entry point.
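As an added example (not Nagios or Elastic code, and not taken from any advisory), the following POSIX shell helper performs the two post-upgrade checks just described: whether any Logstash process on the host still runs as root, and which effective user a systemd service unit and its drop-ins resolve to. The ps lines, the unit file and the drop-in are constructed for illustration and labelled as such in the code; the assumption that Nagios Log Server starts Logstash through a systemd unit is hypothetical, so adapt the paths to the real packaging.

```shell
#!/bin/sh
# Added audit helper; not Nagios or Elastic code. Assumes only that Logstash
# shows up as a process whose command line contains "logstash" and, for the
# unit check, that it is started by a systemd service unit (hypothetical).

# 1. Process check. Reads "user pid command" lines, as printed by
#    `ps -eo user=,pid=,args=`, and reports every Logstash process whose
#    effective user is root. Exit status 1 when any is found, 0 otherwise.
find_root_logstash() {
    awk '
        tolower($0) ~ /logstash/ && $1 == "root" {
            pid = $2
            $1 = ""; $2 = ""            # keep only the command line
            sub(/^[[:space:]]+/, "")
            printf "root-owned Logstash process pid=%s cmd=%s\n", pid, $0
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# 2. Unit check. Resolves the effective User= of a systemd service from the
#    unit file plus its drop-ins (later files override earlier ones). An
#    absent User= means systemd runs the service as root, which is exactly
#    the CWE-250 condition. Reads the files given as arguments, or stdin.
unit_effective_user() {
    cat -- "$@" | awk -F= '
        /^[[:space:]]*User[[:space:]]*=/ { u = $2; gsub(/[[:space:]]/, "", u) }
        END { print (u == "" ? "root" : u) }
    '
}

# Constructed sample data, not captured from a real host.
SAMPLE_PS_VULNERABLE='root 1234 /usr/share/logstash/jdk/bin/java -Xms1g org.logstash.Logstash --path.settings /etc/logstash
nagios 1300 /usr/sbin/httpd -DFOREGROUND
root 1 /sbin/init'
SAMPLE_PS_FIXED='nagios 1234 /usr/share/logstash/jdk/bin/java -Xms1g org.logstash.Logstash --path.settings /etc/logstash
root 1 /sbin/init'

# Hypothetical unit without User= (so root) and the drop-in that re-homes
# the service to the nagios user, in the spirit of the 2024R2.0.3 fix.
SAMPLE_UNIT='[Unit]
Description=Logstash (hypothetical unit, constructed for this example)

[Service]
ExecStart=/usr/share/logstash/bin/logstash --path.settings /etc/logstash
Restart=always'
SAMPLE_DROPIN='[Service]
User=nagios
Group=nagios'

# Wrappers that run the checks over embedded samples.
audit_ps() {
    printf '%s\n' "$1" | find_root_logstash
}
audit_unit() {
    printf '%s\n' "$@" | unit_effective_user
}

# Live use on a host (these lines are comments here and do not run):
#   ps -eo user=,pid=,args= | find_root_logstash
#   unit_effective_user /etc/systemd/system/logstash.service \
#       /etc/systemd/system/logstash.service.d/*.conf
```

If the unit check reports root while the process check is clean, the privilege drop is happening somewhere other than systemd (a wrapper script, for instance) and is worth pinning down, because a future package update can silently undo it. Moving a service from root to an unprivileged user also requires that its data, log and pipeline directories be owned by or writable for that user, so check for permission errors in the Logstash log after the change.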
Details
- CWE(s): CWE-250 (Execution with Unnecessary Privileges)
Affected Products: Nagios Log Server versions prior to 2024R2.0.3 (fixed in 2024R2.0.3)
MITRE ATT&CK Enterprise Techniques: T1190 (Exploit Public-Facing Application), T1068 (Exploitation for Privilege Escalation)
Why these techniques?
Logstash receives log data from the network, so a flaw in it or in one of its plugins is reachable by a remote, unauthenticated sender and would be exploited as an attack on a public-facing application (T1190). Because the process runs as root, that initial code execution already carries root privileges, which is why the issue also maps to exploitation for privilege escalation (T1068): the attacker needs no separate local escalation step to reach full control of the host.