Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-34272

In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view. Depending on the product's dashboard sharing and access policies, this behavior may cause information exposure or unexpected privilege exposure.

Published

2025-10-30T22:15:47.810

Last Modified

2025-11-06T16:29:24.517

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nagios	log_server	< 2024	Yes
Application	nagios	log_server	2024	Yes
Application	nagios	log_server	2024	Yes
Application	nagios	log_server	2024	Yes
Application	nagios	log_server	2024	Yes
Application	nagios	log_server	2024	Yes
Application	nagios	log_server	2024	Yes
Application	nagios	log_server	2024	Yes
Application	nagios	log_server	2024	Yes
Application	nagios	log_server	2024	Yes
Application	nagios	log_server	2024	Yes
Application	nagios	log_server	2024	Yes
Application	nagios	log_server	2024	Yes
Application	nagios	log_server	2024	Yes
Application	nagios	log_server	2024	Yes

References

https://www.nagios.com/changelog/#log-server Release Notes ([email protected])
https://www.nagios.com/products/security/#log-server-2024R2 Vendor Advisory ([email protected])
https://www.vulncheck.com/advisories/nagios-log-server-non-empty-default-dashboard-fallback Third Party Advisory ([email protected])