13 matches found
CVE-2024-14004
Nagios XI versions prior to 2024R1.2 contain a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user could manipulate NagVis configuration data or leverage insufficiently validated configuration settings to obtain elevated privileges on the...
CVE-2024-14003 Nagios XI < 2024R1.2 RCE via NRDP Server Plugins
Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through its NRDP (Nagios Remote Data Processor) server plugins. Insufficient validation of inbound NRDP request parameters allows crafted input to reach command execution paths, enabling attackers to execute arbitrary...
PT-2025-44504
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1.2. Description: Nagios XI versions prior to 2024R1.2 have a command injection issue in the Docker Wizard. A lack of proper input validation allows a user with administrator privileges to inject shell...
PT-2025-44502
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1.2. Description: The software contains a flaw due to insufficient validation of inbound NRDP (Nagios Remote Data Processor) request parameters. This allows crafted input to reach command execution paths, potential...
EUVD-2025-36198
Nagios Fusion v2024R1.2 and v2024R2 do not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack...
EUVD-2025-36197
A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a brute-force attack...
CVE-2025-60425
Nagios Fusion v2024R1.2 and v2024R2 do not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack...
CVE-2025-60425
Nagios Fusion v2024R1.2 and v2024R2 do not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack...
Nagios Fusion Security Vulnerability
Nagios Fusion is a centralized monitoring and visualization platform from the US-based Nagios, Inc. A security vulnerability exists in Nagios Fusion versions v2024R1.2 and v2024R2 that stems from failure to invalidate an existing session token when enabling two-factor authentication, which could...
CVE-2025-60424
A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a brute-force attack...
CVE-2025-60425
CVE-2025-60425 affects Nagios Fusion v2024R1.2 and v2024R2. The root cause is failure to invalidate existing session tokens when two-factor authentication is enabled, enabling session hijacking attacks. The CVSSv3.1 base score is 8.6 (HIGH) with network attack vector, no user interaction, and no ...
CVE-2025-60424
CVE-2025-60424 affects Nagios Fusion versions 2024R1.2 and 2024R2. The root cause is a lack of rate limiting in the OTP verification component, which allows authentication bypass via brute-force attempts. Affected product: Nagios Fusion; the issue is documented across multiple sources (Red Hat CG...
PT-2025-43978
Name of the Vulnerable Software and Affected Versions: Nagios Fusion versions 2024R1.2 and 2024R2. Description: Nagios Fusion versions 2024R1.2 and 2024R2 do not invalidate existing session tokens when two-factor authentication is enabled. This allows an attacker to potentially hijack active session...