CVE-2025-34298 · HIGH 8.8 · EPSS p43.4%

Description

Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.59% probability of exploitation · percentile 43.4% · 2026-06-18T12:00:27Z
Published: 2025-10-30
Last modified: 2025-11-06

Underlying weaknesses · 1

CWE-281

References

  1. https://www.nagios.com/changelog/nagios-log-server-2024r1/
  2. https://www.vulncheck.com/advisories/nagios-log-server-set-email-privilege-escalation

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Preservation of Permissions cwe-281 | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-34274
  2. CVE-2025-29471
  3. CVE-2025-34271
  4. CVE-2025-34277
  5. CVE-2025-44823
  6. CVE-2025-34284

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.