Information Exposure in Nagios Log Server Versions Prior to 2024R2.0.3
CVE-2025-34272

5.3MEDIUM

Key Information:

Vendor

NagiOS

Status
Log Server
Vendor
CVE Published:
30 October 2025

What is CVE-2025-34272?

In versions prior to 2024R2.0.3 of Nagios Log Server, an issue occurs when a user's configured default dashboard is deleted. The application fails to revert to an empty, default dashboard reliably, potentially displaying an unexpected dashboard as the user's new default view. This behavior can result in unintended access to sensitive information or escalation of user privileges, depending on the sharing and access policies in place for dashboards within the product.

Affected Version(s)

Log Server 0 < 2024R2.0.3

References

https://www.nagios.com/products/security/#log-server-2024R2
vendor-advisorypatch
https://www.nagios.com/changelog/#log-server
release-notespatch
https://www.vulncheck.com/advisories/nagios-log-server-no...
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-34272 : Information Exposure in Nagios Log Server Versions Prior to 2024R2.0.3