Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-34280

Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the underlying host in the context of the web application service, resulting in remote code execution with the service's privileges.

Published

2025-10-30T22:15:48.497

Last Modified

2025-11-06T18:15:09.103

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Secondary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nagios	network_analyzer	< 2024	Yes
Application	nagios	network_analyzer	2024	Yes
Application	nagios	network_analyzer	2024	Yes
Application	nagios	network_analyzer	2024	Yes
Application	nagios	network_analyzer	2024	Yes

References

https://www.nagios.com/changelog/nagios-network-analyzer/ Release Notes ([email protected])
https://www.nagios.com/products/security/#network-analyzer Product ([email protected])
https://www.vulncheck.com/advisories/nagios-network-analyzer-rce-in-ldap-certificate-removal-function Third Party Advisory ([email protected])