Privilege Escalation Vulnerability in Nagios XI by Nagios
CVE-2024-13997

9.4CRITICAL

Key Information:

Vendor

NagiOS

Status
Xi
Vendor
CVE Published:
3 November 2025

What is CVE-2024-13997?

Nagios XI before version 2024R1.1.3 contains a vulnerability that allows authenticated administrators to exploit the Migrate Server feature. This flaw gives an admin-level attacker the ability to escalate their privileges, potentially leading to full control over the underlying operating system. By manipulating the migration workflow, attackers can execute unauthorized actions, thereby breaching the security perimeter of the application.

Affected Version(s)

XI 0

References

https://www.nagios.com/products/security/#nagios-xi
vendor-advisorypatch
https://www.nagios.com/changelog/nagios-xi/
release-notespatch
https://www.vulncheck.com/advisories/nagios-xi-privilege-...
third-party-advisory

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2024-13997 : Privilege Escalation Vulnerability in Nagios XI by Nagios