CVE-2025-34227 · HIGH 8.8 · EPSS p97.7%

Description

Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system commands on the underlying host as the `nagios` user.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 26.24% probability of exploitation · percentile 97.7% · 2026-06-18T12:00:27Z
Published: 2025-09-25
Last modified: 2025-10-14

Underlying weaknesses · 1

CWE-78

References

  1. https://theyhack.me/CVE-2025-34227-Nagios-XI-Wizard-Command-Injection/
  2. https://www.nagios.com/changelog/
  3. https://www.nagios.com/products/security/
  4. https://www.vulncheck.com/advisories/nagios-xi-config-wizard-auth-command-injection

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') cwe-78 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-67255
CVE: CVE-2025-34284
CVE: Nagios XI OS Command Injection
CVE: CVE-2026-2042
CVE: CVE-2025-34277
CVE: CVE-2026-2041

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.