CVE-2025-34277
Published: 30 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-34277 is a code injection vulnerability (CWE-94) affecting Nagios Log Server versions prior to 2024R1.3.1. The issue arises when malformed dashboard ID values are not properly validated before being forwarded to an internal API, allowing attacker-controlled data to be executed. This leads to arbitrary code execution in the context of the Log Server process. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its high impact on confidentiality, integrity, and availability.
An unauthenticated attacker with network access can exploit this vulnerability by supplying crafted dashboard ID values, requiring low complexity and no user interaction. Successful exploitation grants remote code execution on the affected system, potentially allowing full compromise of the Log Server instance.
Nagios advisories recommend updating to version 2024R1.3.1 or later to mitigate the vulnerability, as detailed in the Nagios Log Server changelog at https://www.nagios.com/changelog/#log-server-2024R1 and security page at https://www.nagios.com/products/security/#log-server. Additional analysis is available from VulnCheck at https://www.vulncheck.com/advisories/nagios-log-server-rce-via-malformed-dashboard-id.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2025-34277 enables unauthenticated remote code execution via malformed dashboard ID in the network-accessible Nagios Log Server, directly facilitating T1190: Exploit Public-Facing Application.