Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-28132

A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session tokens remain valid beyond logout, allowing an attacker to impersonate users and perform actions on their behalf.

Published

2025-04-01T17:15:46.700

Last Modified

2025-06-18T13:59:16.210

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.6 (MEDIUM)

Weaknesses

Type: Secondary
CWE-613

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nagios	nagios_network_analyzer	2024	Yes

References

https://github.com/harshal79/Insufficient-Session-Expiration.git Third Party Advisory ([email protected])
https://www.nagios.com/changelog/#network-analyzer Release Notes ([email protected])