CVE-2025-34273
MEDIUM
Nagios Log Server < 2024R2.0.3 - Incorrect Authorization for Global Dashboard Deletion
Title source: llm
Description
Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged users to remove dashboards that affect other users or the overall monitoring UI.
References (3)
Core References
Vendor Advisory vendor-advisory
patch
https://www.nagios.com/products/security/#log-server-2024R2
Release Notes release-notes
patch
https://www.nagios.com/changelog/#log-server
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/nagios-log-server-non-admin-dashboard-deletion
Scores
CVSS v3
6.5
EPSS
0.0018
EPSS Percentile
39.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-863
Status
published
Products (2)
nagios/log_server
2024 r1 (14 CPE variants)
nagios/log_server
< 2024
Published
Oct 30, 2025
Tracked Since
Feb 18, 2026