Command Injection Vulnerability in Nagios XI by Nagios Enterprises
CVE-2024-14005

9.4CRITICAL

Key Information:

Vendor

NagiOS

Status
Xi
Vendor
CVE Published:
30 October 2025

What is CVE-2024-14005?

Nagios XI versions before 2024R1.2 are susceptible to a command injection vulnerability originating from the Docker Wizard. This flaw arises due to inadequate validation of user-input in the wizard, allowing an authenticated administrator to inject shell metacharacters. Exploitation of this vulnerability can lead to arbitrary command execution under the privileges of the Nagios XI web application user, posing a significant risk to the integrity and security of the affected systems.

Affected Version(s)

XI 0

References

https://www.nagios.com/products/security/#nagios-xi
vendor-advisorypatch
https://www.nagios.com/changelog/nagios-xi/
release-notespatch
https://www.vulncheck.com/advisories/nagios-xi-command-in...
third-party-advisory

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Exodus Intelligence
JSON
.
CVE-2024-14005 : Command Injection Vulnerability in Nagios XI by Nagios Enterprises