CVE-2025-34277 · CRITICAL 9.8 · EPSS p75.6%

Description

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlled data, leading to arbitrary code execution in the context of the Log Server process.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.80% probability of exploitation · percentile 75.6% · 2026-06-18T12:00:27Z
Published: 2025-10-30
Last modified: 2025-11-06

Underlying weaknesses · 1

CWE-94

References

  1. https://www.nagios.com/changelog/#log-server-2024R1
  2. https://www.nagios.com/products/security/#log-server
  3. https://www.vulncheck.com/advisories/nagios-log-server-rce-via-malformed-dashboard-id

Type | Target | Confidence | Tier
Weakness | Improper Control of Generation of Code ('Code Injection') (cwe-94) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE-2025-29471
  - CVE-2025-34274
  - CVE-2025-34271
  - CVE-2025-34284
  - CVE-2025-34227
  - CVE-2025-67255

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.