CVE-2025-34287

Nagios XI versions prior to 2024R2 contain an improperly owned script, processperfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary cod...

CVE-2025-34287 Nagios XI < 2024R2 Privilege Escalation via process_perfdata.pl

Nagios XI versions prior to 2024R2 contain an improperly owned script, processperfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary cod...

CVE-2025-34287

Nagios XI prior to 2024R2 is affected by a local privilege escalation due to an improperly owned script, process_perfdata.pl, which runs as the nagios user but is owned by www-data and writable by www-data. An attacker with web-server privileges could modify the script and trigger arbitrary code ...

CVE-2025-34287 Nagios XI < 2024R2 Privilege Escalation via process_perfdata.pl

Nagios XI versions prior to 2024R2 contain an improperly owned script, processperfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary cod...