Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-44823

Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475.

Published

2025-10-07T20:15:35.070

Last Modified

2025-11-06T16:41:01.823

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.9 (CRITICAL)

Weaknesses
  • Type: Secondary
    CWE-497
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application nagios log_server < 2024 Yes
Application nagios log_server 2024 Yes
Application nagios log_server 2024 Yes
Application nagios log_server 2024 Yes
Application nagios log_server 2024 Yes
Application nagios log_server 2024 Yes
Application nagios log_server 2024 Yes
Application nagios log_server 2024 Yes
References