CVE-2025-44823
Published: 07 October 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Security Summary
CVE-2025-44823 is a critical vulnerability in Nagios Log Server versions prior to 2024R1.3.2, classified as CWE-497 (exposure of sensitive system information to an unauthorized control sphere). It allows any authenticated user, regardless of role, to retrieve cleartext administrative API keys from the API endpoint at /nagioslogserver/index.php/api/system/get_users, which did not adequately restrict the administrative data it returned. The issue, tracked internally as GL:NLS#475, carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), reflecting high impact on confidentiality, integrity, and availability with a changed scope.
An attacker with low-privilege authenticated access, such as a standard user account, can exploit this remotely over the network with minimal complexity and no user interaction required. Successful exploitation exposes sensitive administrative API keys in plaintext, enabling privilege escalation to full administrative control. This could allow attackers to manipulate server configurations, access logs, execute arbitrary actions via the API, or pivot to further compromise the environment.
Advisories reference a proof-of-concept exploit available on Exploit-DB (ID 52177) and point to the Nagios changelog for patch details. Mitigation involves upgrading to Nagios Log Server 2024R1.3.2 or later, which addresses the flaw by restricting access to administrative data in the affected API call.
Public availability of an Exploit-DB entry indicates active interest from the security research community, though no widespread real-world exploitation has been reported as of the CVE publication on 2025-10-07.
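Two checks a defender would want after reading the summary above are whether a given install predates the fixed release and whether any web-server access log entries show requests to the endpoint named in the advisory. The following is an added example, not code from Nagios or from the advisory; it assumes the version-string layout "YYYYRn.n.n" seen in the advisory and an Apache/NGINX combined access-log format, and the log lines it triages are constructed samples.

```python
import re
from collections import Counter

# Fixed release named in the advisory; anything that sorts below it is affected.
FIXED_VERSION = "2024R1.3.2"
# Endpoint path named in the advisory.
GET_USERS_PATH = "/nagioslogserver/index.php/api/system/get_users"

# Assumed layout of Nagios Log Server version strings: year, 'R', release,
# then optional minor and patch components (e.g. 2024R1.3.2).
_VERSION_RE = re.compile(r"^(\d{4})R(\d+)(?:\.(\d+))?(?:\.(\d+))?$")


def parse_version(version):
    """Turn a version string such as '2024R1.3.2' into a comparable tuple.
    Missing minor/patch components are treated as 0."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version):
    """True when the installed version is older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


# Assumed combined-log layout: client, ident, user, [timestamp], "request", status ...
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def flag_get_users_requests(log_lines):
    """Return one record per request whose path is the get_users endpoint,
    ignoring any query string. Lines that do not parse are skipped."""
    hits = []
    for line in log_lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if path == GET_USERS_PATH:
            hits.append({k: m.group(k) for k in ("ip", "user", "ts", "method", "status")})
    return hits


def requests_per_source(hits):
    """Count flagged requests by client address to prioritise follow-up."""
    return Counter(h["ip"] for h in hits)


# Constructed sample access-log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Oct/2025:10:12:01 +0000] "GET /nagioslogserver/index.php/api/system/get_users HTTP/1.1" 200 1843 "-" "curl/8.4.0"',
    '198.51.100.7 - - [07/Oct/2025:10:12:05 +0000] "GET /nagioslogserver/index.php/login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [07/Oct/2025:10:12:09 +0000] "GET /nagioslogserver/index.php/api/system/get_users HTTP/1.1" 200 1843 "-" "curl/8.4.0"',
    '192.0.2.9 - - [07/Oct/2025:10:13:00 +0000] "POST /nagioslogserver/index.php/api/system/get_users HTTP/1.1" 403 210 "-" "python-requests/2.32"',
    'this line is not in combined-log format and is skipped',
]


if __name__ == "__main__":
    for v in ("2024R1.2.9", "2024R1.3.1", "2024R1.3.2", "2024R2"):
        print(f"{v}: {'AFFECTED' if is_affected(v) else 'fixed'}")
    hits = flag_get_users_requests(SAMPLE_LOG)
    print(f"{len(hits)} get_users request(s); by source: {dict(requests_per_source(hits))}")
```

On a patched server every request to the endpoint still deserves a look if it comes from an account that is not an administrator, so the triage keys on the path alone rather than on the response status.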
Details
CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows low-privileged authenticated users to exploit an API endpoint to obtain credentials (T1212, Exploitation for Credential Access), which enables privilege escalation (T1068, Exploitation for Privilege Escalation) and reaches the server through a remote service (T1210, Exploitation of Remote Services).