Broken Access Control in Nagios Network Analyzer by Nagios
CVE-2025-28131

Currently unrated

Key Information:

Vendor: Nagios
Status: Nagios Network Analyzer
Vendor: CVE Published:; 1 April 2025

What is CVE-2025-28131?

A vulnerability in Nagios Network Analyzer allows low-privileged users with 'Read-Only' access to execute administrative tasks, such as stopping essential services and deleting critical resources. The flaw is caused by inadequate authorization checks, enabling unauthorized users to alter system configurations, which poses risks to the overall integrity and availability of the system.

References

https://www.nagios.com/changelog/#network-analyzer

https://github.com/harshal79/Privilege-Escalation-in-Nagi...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Mar 11, 2025