Privilege Escalation Vulnerability in Nagios XI by Nagios
CVE-2024-14004

8.7HIGH

Key Information:

Vendor

NagiOS

Status
Xi
Vendor
CVE Published:
30 October 2025

What is CVE-2024-14004?

Nagios XI versions earlier than 2024R1.2 present a vulnerability that allows an authenticated user to exploit flaws in NagVis configuration handling (specifically in nagvis.conf). By manipulating configuration data or exploiting insufficient validation of settings, attackers can gain elevated privileges within the Nagios XI environment, leading to potential unauthorized access and control over the system.

Affected Version(s)

XI 0

References

https://www.nagios.com/products/security/#nagios-xi
vendor-advisorypatch
https://www.nagios.com/changelog/nagios-xi/
release-notespatch
https://www.vulncheck.com/advisories/nagios-xi-privilege-...
third-party-advisory

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Exodus Intelligence
JSON
.
CVE-2024-14004 : Privilege Escalation Vulnerability in Nagios XI by Nagios