CVE-2025-34298 (GCVE-0-2025-34298)
Vulnerability from cvelistv5
Published
2025-10-30 21:25
Modified
2025-10-31 17:40
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
  • CWE-281 - Improper Preservation of Permissions
Summary
Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls.
References
Impacted products
Vendor Product Version
Nagios Log Server Version: 0   < 2024R1.3.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-34298",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-31T17:40:19.982180Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-31T17:40:32.919Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Web UI \u2013 Account profile / email update workflow"
          ],
          "product": "Log Server",
          "vendor": "Nagios",
          "versions": [
            {
              "lessThan": "2024R1.3.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2024r1.3.2",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls.\u003cbr\u003e"
            }
          ],
          "value": "Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-281",
              "description": "CWE-281 Improper Preservation of Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-30T21:25:52.056Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "release-notes",
            "patch"
          ],
          "url": "https://www.nagios.com/changelog/nagios-log-server-2024r1/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/nagios-log-server-set-email-privilege-escalation"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Nagios addresses this vulnerability as \"Fixed a privilege escalation issue where a user can edit their own email and put in an invalid address.\"\u003cbr\u003e"
            }
          ],
          "value": "Nagios addresses this vulnerability as \"Fixed a privilege escalation issue where a user can edit their own email and put in an invalid address.\""
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Nagios Log Server \u003c 2024R1.3.2 Set Email Privilege Escalation",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2025-34298",
    "datePublished": "2025-10-30T21:25:52.056Z",
    "dateReserved": "2025-04-15T19:15:22.582Z",
    "dateUpdated": "2025-10-31T17:40:32.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-34298\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2025-10-30T22:15:49.257\",\"lastModified\":\"2025-11-06T16:27:12.660\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-281\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2024\",\"matchCriteriaId\":\"87E74637-713C-4DD7-B97E-2F247B7B12B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nagios:log_server:2024:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B93D415C-B2C0-42CE-B9B3-29C29A3DCC16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nagios:log_server:2024:r1.0.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"997B64B5-A3F2-4D0E-B05E-CCA76D598C18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nagios:log_server:2024:r1.0.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D20F6746-83DD-49AE-8C3D-AF2FFB47A89E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nagios:log_server:2024:r1.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EF32AF5-19EA-495A-AB28-F78F33DDEC3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nagios:log_server:2024:r1.2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C26DE7A-37AA-4570-81C1-2E0C1A9026F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nagios:log_server:2024:r1.3:*:*:*:*:*:*\",\"matchCriteriaId\":\"52C22468-A773-49C8-81AD-9B76C26BFFD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nagios:log_server:2024:r1.3.1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CEC223A-A3EE-4C51-8B71-E19C73B9215C\"}]}]}],\"references\":[{\"url\":\"https://www.nagios.com/changelog/nagios-log-server-2024r1/\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.vulncheck.com/advisories/nagios-log-server-set-email-privilege-escalation\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-34298\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-31T17:40:19.982180Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-31T17:40:26.648Z\"}}], \"cna\": {\"title\": \"Nagios Log Server \u003c 2024R1.3.2 Set Email Privilege Escalation\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Nagios\", \"modules\": [\"Web UI \\u2013 Account profile / email update workflow\"], \"product\": \"Log Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2024R1.3.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Nagios addresses this vulnerability as \\\"Fixed a privilege escalation issue where a user can edit their own email and put in an invalid address.\\\"\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Nagios addresses this vulnerability as \\\"Fixed a privilege escalation issue where a user can edit their own email and put in an invalid address.\\\"\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.nagios.com/changelog/nagios-log-server-2024r1/\", \"tags\": [\"release-notes\", \"patch\"]}, {\"url\": \"https://www.vulncheck.com/advisories/nagios-log-server-set-email-privilege-escalation\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.4.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-281\", \"description\": \"CWE-281 Improper Preservation of Permissions\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2024r1.3.2\", \"versionStartIncluding\": \"0\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2025-10-30T21:25:52.056Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-34298\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-31T17:40:32.919Z\", \"dateReserved\": \"2025-04-15T19:15:22.582Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2025-10-30T21:25:52.056Z\", \"assignerShortName\": \"VulnCheck\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.