CVE-2025-34280
HIGH
Nagios Network Analyzer < 2024R2.0.1 - Authenticated Remote Code Execution via LDAP Certificate Removal
Title source: llm
Description
Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitization. An authenticated administrator can trigger command execution on the underlying host in the context of the web application service, resulting in remote code execution with the service's privileges.
References (3)
Core References
Product vendor-advisory
patch
https://www.nagios.com/products/security/#network-analyzer
Release Notes release-notes
patch
https://www.nagios.com/changelog/nagios-network-analyzer/
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/nagios-network-analyzer-rce-in-ldap-certificate-removal-function
Scores
CVSS v3
7.2
EPSS
0.0052
EPSS Percentile
66.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (2)
nagios/network_analyzer
2024 r1.0.1 (4 CPE variants)
nagios/network_analyzer
< 2024
Published
Oct 30, 2025
Tracked Since
Feb 18, 2026