24 matches found
Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection
Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php. This in turn can lead to remot...
CVE-2019-25297
creationtimestamp | type | source
---|---|---
2026-01-16 23:28:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mclatwxcnb2r
2026-01-18 21:02:59+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mcpzn4dx7426...
EUVD-2025-25297
Malicious code in bioql PyPI...
CVE-2024-25297
Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php...
CVE-2021-25297
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...
CVE-2025-25297
Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage integration feature contains a Server-Side Request Forgery (SSRF) vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a cust...
CVE-2025-25297
Label Studio (Open Source) contains a CVE-2025-25297 SSRF in the S3 storage endpoint configuration prior to version 1.16.0. The s3_endpoint parameter is passed directly to the boto3 AWS SDK without validation, allowing an authenticated user to trigger HTTP requests to arbitrary internal services ...
CVE-2024-25297
creationtimestamp | type | source
---|---|---
2024-02-17 07:31:30+00:00 | seen | https://t.me/ctinow/186797
2024-02-17 09:26:13+00:00 | seen | https://t.me/ctinow/186830...
CVE-2024-25297
Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php...
CVE-2024-25297
CVE-2024-25297 is a Cross Site Scripting (XSS) vulnerability in Bludit CMS 3.15 exploitable via the endpoint edit-content.php. Multiple connected sources describe that remote attackers can execute arbitrary code and access sensitive information through this vector. Exploitation details in public...
Nagios XI 5.7.5 Remote Code Execution Exploit
This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 a...
Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Execution
This module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 as the apach...
Nagios XI 5.7.5 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection', 'Description' = %q This module exploits CVE-2021-25296,...
CVE-2022-25297
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save method may enable attackers to write files to arbitrary locations outside the designated target folder...
CVE-2022-25297
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save method may enable attackers to write files to arbitrary locations outside the designated target folder...
CVE-2022-25297
CVE-2022-25297 affects the Drogon framework (drogon) before 1.7.5. The vulnerability arises from unsafe handling of file names during uploads in HttpFile::save(), allowing an attacker to write files to arbitrary locations outside the target directory. Impact is partial to high depending on contex...
CVE-2022-25297 Arbitrary File Write
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save method may enable attackers to write files to arbitrary locations outside the designated target folder...
Nagios XI Remote Code Execution (CVE-2021-25296; CVE-2021-25297; CVE-2021-25298; CVE-2021-25299)
A remote code execution vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2021-25297
creationtimestamp | type | source
---|---|---
2021-02-15 16:46:46+00:00 | seen | https://t.me/cibsecurity/23595
2023-02-07 21:54:12+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nagiosxiconfigwizardsauthenticatedrce.rb
2023-04-27 09:58:59+00:00|...
CVE-2021-25297
CVE-2021-25297 affects Nagios XI 5.7.5 (and related versions) with an OS command injection vulnerability in /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php. The vulnerability stems from improper sanitization of input provided by an authenticated user via a single HTTP reques...