CVE-2025-34227

HIGH

Nagios XI < 2026R1 - Authenticated OS Command Injection via Database Wizard Arguments

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-34227. PoCs published by mcorybillington.

AI-analyzed exploit summary This repository contains a Python script that exploits an authenticated command injection vulnerability in Nagios XI's Configuration Wizard (CVE-2025-34227). The exploit leverages the `database` parameter in a MySQL query configuration to inject arbitrary commands, achieving remote code execution.

Description

Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system commands on the underlying host as the `nagios` user.

Exploits (1)

nomisec WORKING POC

by mcorybillington · poc

https://github.com/mcorybillington/CVE-2025-34227_Nagios-XI-Command-Injection-Configuration-Wizard

View Code ZIP pw:eip

This repository contains a Python script that exploits an authenticated command injection vulnerability in Nagios XI's Configuration Wizard (CVE-2025-34227). The exploit leverages the `database` parameter in a MySQL query configuration to inject arbitrary commands, achieving remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Nagios XI (version not specified)

Auth required

Prerequisites: Valid Nagios XI credentials · Access to the Configuration Wizard endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Release Notes vendor-advisory patch

https://www.nagios.com/changelog/

Vendor Advisory vendor-advisory patch

https://www.nagios.com/products/security/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/nagios-xi-config-wizard-auth-command-injection

Exploit, Third Party Advisory technical-description exploit

https://theyhack.me/CVE-2025-34227-Nagios-XI-Wizard-Command-Injection/

Scores

CVSS v3 8.8

EPSS 0.2624

EPSS Percentile 97.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (2)

Nagios/Nagios XI < 2026R1

nagios/nagios_xi < 2026

Published Sep 25, 2025

Tracked Since Feb 18, 2026