CVE-2025-34323

HIGH

Nagios Log Server < 2026R1.0.1 - Local Privilege Escalation via Sudo Misconfiguration and Group-Writable Scripts

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-34323. PoCs published by mcorybillington.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2025-34322 (authenticated command injection) and CVE-2025-34323 (privilege escalation via sudo misconfiguration) in Nagios Log Server. The exploits chain these vulnerabilities to achieve remote code execution as root.

Description

Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to '/usr/local/nagioslogserver/scripts', while several scripts in this directory are owned by root and may be executed via sudo without a password. A local attacker running as 'www-data' can move one of these root-owned scripts to a backup name and create a replacement script with attacker-controlled content at the original path, then invoke it with sudo. This allows arbitrary commands to be executed with root privileges, providing full compromise of the underlying operating system.

Exploits (1)

github WORKING POC

by mcorybillington · pythonpoc

https://github.com/mcorybillington/CVE-2025-34322_CVE-2025-34323_Nagios_Log_Server

View Code ZIP pw:eip

This repository contains functional exploit code for CVE-2025-34322 (authenticated command injection) and CVE-2025-34323 (privilege escalation via sudo misconfiguration) in Nagios Log Server. The exploits chain these vulnerabilities to achieve remote code execution as root.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Nagios Log Server

Auth required

Prerequisites: Valid credentials for Nagios Log Server · Network access to the target · Sudo misconfiguration allowing www-data to execute specific scripts as root

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation T1505 - Server Software Component

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory vendor-advisory patch

https://www.nagios.com/products/security/#log-server

Release Notes release-notes patch

https://www.nagios.com/changelog/nagios-log-server/nagios-log-server-2026r1-0-1/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/nagios-log-server-local-privilege-escalation-via-writable-scripts-and-sudo-rules

Various Sources technical-description exploit

https://theyhack.me/Rooting-Nagios-Log-Server/

Scores

CVSS v3 7.8

EPSS 0.0027

EPSS Percentile 18.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-732

Status published

Products (3)

Nagios/Log Server < 2026R1.0.1

nagios/log_server 2026 r1

nagios/log_server < 2026

Published Nov 17, 2025

Tracked Since Feb 18, 2026