CVE-2025-34284
Published: 30 October 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2025-34284 is a command injection vulnerability (CWE-78) in the WinRM plugin of Nagios XI versions prior to 2024R2. The issue stems from insufficient validation of user-supplied parameters, which allows injection of shell metacharacters into backend command invocations. Published on 2025-10-30, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An authenticated administrator can exploit this vulnerability remotely with low complexity and no user interaction required. Successful exploitation grants arbitrary command execution under the privileges of the Nagios XI web application user, enabling attackers to modify configurations, exfiltrate data, disrupt monitoring operations, or execute commands on the underlying host operating system.
Nagios advisories point to upgrading to Nagios XI 2024R2 as the primary mitigation. Relevant resources include the Nagios XI changelog at https://www.nagios.com/changelog/nagios-xi/, the security products page at https://www.nagios.com/products/security/#nagios-xi, and the VulnCheck advisory at https://www.vulncheck.com/advisories/nagios-xi-authenticated-command-injection-via-winrm-plugin.
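As an added illustration (not Nagios XI code; the plugin source is not shown on this page), the following Python models the CWE-78 pattern the summary describes: the vulnerable string-built command line beside the allowlist-plus-argv form, a metacharacter check for submitted parameters, and a shell-tokenization view of why a `;` in a host parameter becomes a second command. The plugin path and the parameter names (host, username) are assumptions, and the inputs are constructed.

```python
"""Added example, not Nagios XI code: models the CWE-78 pattern the advisory
describes. Plugin path and parameter names are assumptions; inputs are constructed."""
import re
import shlex
import subprocess

PLUGIN = "/usr/local/nagios/libexec/check_winrm_placeholder"  # hypothetical path

# Allowlists: a hostname/IP and a DOMAIN\user name need nothing beyond these.
HOST_RE = re.compile(r"[A-Za-z0-9.\-]{1,253}")
USER_RE = re.compile(r"[A-Za-z0-9._@\\\-]{1,64}")
# Characters a POSIX shell would reinterpret (backslash omitted: DOMAIN\user is legitimate here).
METACHARS = re.compile("[;&|`$(){}<>\n'\"]")

def has_shell_metacharacters(value: str) -> bool:
    """Detection check for a submitted parameter, e.g. in request-log review."""
    return METACHARS.search(value) is not None

def build_line_unsafe(host: str, username: str) -> str:
    """Vulnerable pattern: unvalidated values interpolated into a shell command line."""
    return f"{PLUGIN} -H {host} -u {username}"

def shell_command_count(line: str) -> int:
    """How many commands a POSIX shell would run for this line (; & | separators only)."""
    lex = shlex.shlex(line, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return 1 + sum(1 for tok in lex if tok in {";", "&", "&&", "|", "||"})

def build_argv(host: str, username: str) -> list[str]:
    """Hardened pattern: allowlist-validate, then build argv as a list so no shell parses it."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    if not USER_RE.fullmatch(username):
        raise ValueError(f"rejected username parameter: {username!r}")
    return [PLUGIN, "-H", host, "-u", username]

def invoke(argv: list[str]) -> str:
    """Run argv with shell=False; a metacharacter in any element stays a literal character."""
    return subprocess.run(argv, shell=False, capture_output=True, text=True, check=False).stdout

if __name__ == "__main__":
    bad_host = "10.0.0.5; id"  # constructed, payload-shaped input
    print(has_shell_metacharacters(bad_host))  # True
    print(shell_command_count(build_line_unsafe(bad_host, "admin")))  # 2
    # 'echo' stands in for the plugin: with argv, the value arrives as one literal argument.
    print(invoke(["echo", "-H", bad_host, "-u", "admin"]), end="")  # -H 10.0.0.5; id -u admin
```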
Details
- CWE(s): CWE-78 (Improper Neutralization of Special Elements used in an OS Command, 'OS Command Injection')
- Affected Products: Nagios XI versions prior to 2024R2
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The command injection vulnerability in the web-based Nagios XI WinRM plugin maps to Exploit Public-Facing Application (T1190), since it is reached through the web interface, and to Command and Scripting Interpreter: Unix Shell (T1059.004), since the injected metacharacters are interpreted by the shell that runs the backend command.