Overly Permissive Permissions in Nagios XI by Nagios
CVE-2025-34135

5.1MEDIUM

Key Information:

Vendor

NagiOS

Status
Xi
Vendor
CVE Published:
30 October 2025

What is CVE-2025-34135?

Nagios XI versions prior to 2024R1.4.2 contain a vulnerability related to improperly configured systemd unit files, specifically the nagios.service unit that has overly permissive executable permissions. This misconfiguration increases the risk of local attacks by potentially allowing unauthorized execution behaviors or abuse of service operations. Organizations using affected versions are encouraged to update to mitigate these risks.

Affected Version(s)

XI 0

References

https://www.nagios.com/products/security/#nagios-xi
vendor-advisorypatch
https://www.nagios.com/changelog/nagios-xi/
release-notespatch
https://www.vulncheck.com/advisories/nagios-xi-overly-per...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-34135 : Overly Permissive Permissions in Nagios XI by Nagios