Insecure File Permissions in Nagios XI Affects Export Functionality
CVE-2021-47700

8.5HIGH

Key Information:

Vendor: NagiOS
Status: Xi
Vendor: CVE Published:; 30 October 2025

What is CVE-2021-47700?

Nagios XI versions prior to 5.8.7 utilized a temporary directory for Highcharts exports that had overly permissive ownership and permissions settings. This vulnerability could allow local or co-hosted processes to read, overwrite export artifacts, or manipulate paths, which heightens the risk of data disclosure or tampering. Moreover, this misconfiguration could lead to potential execution of unauthorized code based on the deployment context.

Affected Version(s)

XI 0 < 5.8.7

References

https://www.nagios.com/changelog/nagios-xi/

release-notespatch

https://www.vulncheck.com/advisories/nagios-xi-insecure-p...

third-party-advisory

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
Oct 30, 2025

JSON

NagiOS

What is CVE-2021-47700?

Affected Version(s)

References

CVSS V4

Timeline