Weakness in User Import Process for Nagios Log Server by Nagios
CVE-2025-34270

6.9 MEDIUM

Key Information:

Vendor: Nagios

CVE Published: 30 October 2025

What is CVE-2025-34270?

Nagios Log Server versions prior to 2024R2.0.2 contain a flaw in the Active Directory/LDAP user import functionality: the password field is not adequately obfuscated during the import process. As a result, plaintext passwords provided for imported accounts may be visible in the user interface, logs, or other system outputs. This could expose sensitive user credentials to administrators or to anyone else who has access to the import results.

Affected Version(s)

Log Server 0 < 2024R2.0.2

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
