CVE-2025-44824
Published: 07 October 2025
Description
Adversaries may disable, degrade, or tamper with security tools or applications (e.
Security Summary
CVE-2025-44824 is a vulnerability in Nagios Log Server versions before 2024R1.3.2 that enables authenticated users with read-only API access to stop the Elasticsearch service. This occurs via an API call to /nagioslogserver/index.php/api/system/stop?subsystem=elasticsearch, where the service halts despite the response containing the message "Could not stop elasticsearch." The issue stems from CWE-863 (Incorrect Authorization) and carries a CVSS v3.1 base score of 8.5 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H), highlighting high availability impact with changed scope.
Low-privileged authenticated users can exploit this remotely over the network with low attack complexity and no user interaction. By issuing the specified API request, they achieve a denial-of-service condition, fully stopping the Elasticsearch service and disrupting log processing and search functionality in the affected Nagios Log Server deployment.
The Nagios changelog at https://www.nagios.com/changelog/#log-server details the fix in version 2024R1.3.2. A proof-of-concept demonstrating the denial-of-service is publicly available at https://github.com/skraft9/nagios-log-server-dos.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables low-privileged authenticated users to remotely stop the Elasticsearch service via API, facilitating Service Stop (T1489), Service Exhaustion Flood via service disruption (T1499.002), and Disable or Modify Tools by impairing the log server's defensive logging capabilities (T1562.001).