Privilege Escalation Vulnerability in Nagios XI by Nagios
CVE-2024-14009

9.4CRITICAL

Key Information:

Vendor

NagiOS

Status
Xi
Vendor
CVE Published:
30 October 2025

What is CVE-2024-14009?

Nagios XI prior to version 2024R1.0.1 is susceptible to a privilege escalation issue within the System Profile component. This vulnerability arises from inadequate access controls and improper handling of profile data actions, allowing an authenticated administrator to exploit it. If successfully exploited, this could enable an administrator to perform operations that extend beyond the intended security measures of the application, potentially granting them root access on the underlying XI server. Users are urged to upgrade to the latest version to mitigate this risk.

Affected Version(s)

XI 0

References

https://www.nagios.com/products/security/#nagios-xi
vendor-advisorypatch
https://www.nagios.com/changelog/nagios-xi/
release-notespatch
https://www.vulncheck.com/advisories/nagios-xi-privilege-...
third-party-advisory

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthew Bach from Hack The Box Ltd
JSON
.
CVE-2024-14009 : Privilege Escalation Vulnerability in Nagios XI by Nagios