CVE-2025-28131
CVE-2025-28131 is a medium-severity vulnerability rated 4.6/10 on the CVSS scale. A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enabling unauthorized modifications that compromise system integrity and availability. EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform administrative actions, including stopping system services and deleting critical resources. This flaw arises due to improper authorization enforcement, enabling unauthorized modifications that compromise system integrity and availability.
Metrics
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Nagios | Network Analyzer | 2024 | R1.0.3 |
References
- https://github.com/harshal79/Privilege-Escalation-in-Nagios-Network-Analyzer.git (Third Party Advisory)
- https://www.nagios.com/changelog/#network-analyzer (Release Notes)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
