CVE-2025-34271 · CRITICAL 9.8 · EPSS p45.0%

Description

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in which the cluster manager component requests sensitive credentials from peer nodes over an unencrypted channel, even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network path can intercept credentials in transit. Captured credentials could allow the attacker to authenticate as a cluster node or service account, enabling further unauthorized access, lateral movement, or system compromise.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.62% probability of exploitation · percentile 45.0% · 2026-06-18T12:00:27Z
Published: 2025-10-30
Last modified: 2025-11-06

Underlying weaknesses · 1

CWE-319

References

  1. https://www.nagios.com/changelog/#log-server
  2. https://www.nagios.com/products/security/#log-server-2024R2
  3. https://www.vulncheck.com/advisories/nagios-log-server-cluster-manager-credential-requests-sent-over-plaintext

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Cleartext Transmission of Sensitive Information (cwe-319) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-44823
  2. CVE-2025-34277
  3. CVE-2025-34274
  4. CVE-2025-34298
  5. CVE-2025-29471
  6. CVE-2025-34284

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.