Vulnerability in Nagios Log Server Cluster Manager Exposes Sensitive Credentials
CVE-2025-34271

8.7 HIGH

Key Information:

Vendor: Nagios
CVE Published: 30 October 2025

What is CVE-2025-34271?

Nagios Log Server versions released before 2024R2.0.2 contain a vulnerability in the cluster manager component that permits the interception of sensitive credentials. The cluster manager requests credentials from peer nodes over unencrypted channels, even when SSL/TLS is configured. An attacker positioned within the network can capture these credentials in transit, potentially allowing unauthorized authentication as a cluster node or service account. Such access could lead to additional compromise, including lateral movement across the network.

Affected Version(s)

Log Server 0 < 2024R2.0.2

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
