Authorization Flaw in Nagios Log Server Enables Dashboard Deletions by Non-Admins
CVE-2025-34273

7.1HIGH

Key Information:

Vendor

NagiOS

Status
Log Server
Vendor
CVE Published:
30 October 2025

What is CVE-2025-34273?

Nagios Log Server versions before 2024R2.0.3 are susceptible to an incorrect authorization vulnerability. This issue permits non-administrator users to delete global dashboards without the necessary permissions, compromising the integrity of shared monitoring environments. As the application fails to enforce adequate authorization checks during the dashboard deletion process, affected users can inadvertently remove critical dashboards that are vital for other team members, potentially impacting overall system monitoring and operations.

Affected Version(s)

Log Server 0 < 2024R2.0.3

References

https://www.nagios.com/products/security/#log-server-2024R2
vendor-advisorypatch
https://www.nagios.com/changelog/#log-server
release-notespatch
https://www.vulncheck.com/advisories/nagios-log-server-no...
third-party-advisory

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-34273 : Authorization Flaw in Nagios Log Server Enables Dashboard Deletions by Non-Admins