fkie_nvd - fkie_cve-2025-34284

fkie_cve-2025-34284

Vulnerability from fkie_nvd

Published

2025-10-30 22:15

Modified

2025-11-06 18:14

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitation enables arbitrary command execution with the privileges of the Nagios XI web application user and can be leveraged to modify configuration, exfiltrate data, disrupt monitoring operations, or execute commands on the underlying host operating system.

References

URL	Tags
disclosure@vulncheck.com	https://www.nagios.com/changelog/nagios-xi/	Release Notes
disclosure@vulncheck.com	https://www.nagios.com/products/security/#nagios-xi	Vendor Advisory
disclosure@vulncheck.com	https://www.vulncheck.com/advisories/nagios-xi-authenticated-command-injection-via-winrm-plugin	Third Party Advisory

Impacted products

Vendor	Product	Version
nagios	nagios_xi	*
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024
nagios	nagios_xi	2024

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62CF7BF4-6AAA-443E-93B4-B2F080091C13",
              "versionEndExcluding": "2024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1:*:*:*:*:*:*",
              "matchCriteriaId": "85F1764D-1DD8-44B0-BF5A-2420CB519A3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.0.1:*:*:*:*:*:*",
              "matchCriteriaId": "C1FE1A0B-78D1-4626-A4CD-21B843DA596E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.0.2:*:*:*:*:*:*",
              "matchCriteriaId": "CCAB888E-F030-4640-9A18-9E423E553308",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.1:*:*:*:*:*:*",
              "matchCriteriaId": "C648B0A4-053C-4884-8A37-4AF03053ED1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.1.1:*:*:*:*:*:*",
              "matchCriteriaId": "893EEA99-0096-4C9F-BA8A-246A3E3F6C15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.1.2:*:*:*:*:*:*",
              "matchCriteriaId": "A1FDA3F3-DF79-4807-9451-F04B2DB9A2B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.1.3:*:*:*:*:*:*",
              "matchCriteriaId": "9E055065-35A7-458A-A2DB-26634B97EE7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.1.4:*:*:*:*:*:*",
              "matchCriteriaId": "76946B2D-093C-4981-8465-5ADBB98C0676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.1.5:*:*:*:*:*:*",
              "matchCriteriaId": "E9112876-7C61-4A72-8F91-023378E82E6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.2:*:*:*:*:*:*",
              "matchCriteriaId": "1443759F-EBD7-4366-A5D3-9FB15CE15B40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.2.1:*:*:*:*:*:*",
              "matchCriteriaId": "F85D8CA4-F1AC-4538-925C-1AD00FF7B9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.2.2:*:*:*:*:*:*",
              "matchCriteriaId": "7FFC081E-728A-4643-A8DF-5CC8E94E7D78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.3:*:*:*:*:*:*",
              "matchCriteriaId": "C3D8A858-2F40-4568-BCA0-59CF6033A7FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.3.1:*:*:*:*:*:*",
              "matchCriteriaId": "2D1C8647-F0EB-443F-B18B-338335CE54B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.3.2:*:*:*:*:*:*",
              "matchCriteriaId": "9A695A21-8F5A-4588-91E9-F7AF101B77AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.3.3:*:*:*:*:*:*",
              "matchCriteriaId": "AA587E9E-86DA-41A4-BF3B-56B1488B326A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.3.4:*:*:*:*:*:*",
              "matchCriteriaId": "BBCC6B6F-E627-49D4-9FA6-72283B07973A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.4:*:*:*:*:*:*",
              "matchCriteriaId": "450E4C8D-FC6B-42E6-A574-61F89AEB1800",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.4.1:*:*:*:*:*:*",
              "matchCriteriaId": "838E2FEE-8707-4CA9-B877-EE69D32615E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.4.2:*:*:*:*:*:*",
              "matchCriteriaId": "F82CD561-A42C-447C-8869-1136170674E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.4.3:*:*:*:*:*:*",
              "matchCriteriaId": "6AC31313-7C30-4D67-A437-EAA7EDA71AF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r1.4.4:*:*:*:*:*:*",
              "matchCriteriaId": "3FCC4C68-A056-41F5-B4BF-677FF2B6F245",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Nagios XI versions prior to\u00a02024R2\u00a0contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful exploitation enables arbitrary command execution with the privileges of the Nagios XI web application user and can be leveraged to modify configuration, exfiltrate data, disrupt monitoring operations, or execute commands on the underlying host operating system."
    }
  ],
  "id": "CVE-2025-34284",
  "lastModified": "2025-11-06T18:14:12.050",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 9.4,
          "baseSeverity": "CRITICAL",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-10-30T22:15:48.773",
  "references": [
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.nagios.com/changelog/nagios-xi/"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/products/security/#nagios-xi"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.vulncheck.com/advisories/nagios-xi-authenticated-command-injection-via-winrm-plugin"
    }
  ],
  "sourceIdentifier": "disclosure@vulncheck.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "disclosure@vulncheck.com",
      "type": "Secondary"
    }
  ]
}

CVE-2025-34284 (GCVE-0-2025-34284)

Vulnerability from cvelistv5

Published

2025-10-30 21:30

Modified

2025-10-31 15:05

Severity ?

9.4 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')