Session Management Flaw in Nagios Network Analyzer by Nagios
CVE-2025-28132

Currently unrated

Key Information:

Vendor: Nagios

CVE Published: 1 April 2025

What is CVE-2025-28132?

A flaw in Nagios Network Analyzer 2024R1.0.3 allows session tokens to be reused even after a user has logged out, creating a risk of unauthorized access. This vulnerability stems from inadequate session expiration, permitting malicious actors to exploit residual session tokens to impersonate legitimate users, effectively enabling them to perform actions under false identities.
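The flaw class described above, as an added example that is not code from Nagios or from this page: a small Python session store contrasting a logout that only clears the browser cookie with one that revokes the token server-side, plus a replay check suitable for a regression test. The class, method names, timeout values and the user name are hypothetical and constructed for illustration.

```python
import secrets
import time


class SessionStore:
    """Hypothetical in-memory session store (illustration only)."""

    def __init__(self, idle_timeout=900, absolute_timeout=8 * 3600, clock=time.monotonic):
        self._sessions = {}  # token -> {"user", "created", "last_seen"}
        self._idle = idle_timeout
        self._absolute = absolute_timeout
        self._clock = clock

    def login(self, user):
        token = secrets.token_urlsafe(32)  # unpredictable, new token per login
        now = self._clock()
        self._sessions[token] = {"user": user, "created": now, "last_seen": now}
        return token

    def logout_client_only(self, token):
        """Flawed pattern: the cookie is cleared in the browser, but the
        server-side record stays valid, so a copied token still works."""
        return {"Set-Cookie": "session=; Max-Age=0"}

    def logout(self, token):
        """Hardened pattern: revoke the server-side record, then clear the cookie."""
        self._sessions.pop(token, None)
        return {"Set-Cookie": "session=; Max-Age=0"}

    def authenticate(self, token):
        """Return the user for a live token, or None if unknown, revoked or expired."""
        session = self._sessions.get(token)
        if session is None:
            return None
        now = self._clock()
        if now - session["last_seen"] > self._idle or now - session["created"] > self._absolute:
            del self._sessions[token]  # expired tokens are removed, not just ignored
            return None
        session["last_seen"] = now
        return session["user"]


def token_survives_logout(store, logout):
    """Regression check: log in, log out, then replay the same token."""
    token = store.login("alice")  # constructed sample user
    assert store.authenticate(token) == "alice"
    logout(token)
    return store.authenticate(token) is not None
```
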

Timeline

  • Vulnerability published

  • Vulnerability Reserved
