Stored XSS Vulnerability in Nagios Network Analyzer
CVE-2025-34278

5.1MEDIUM

Key Information:

Vendor

NagiOS

Status
Network Analyzer
Vendor
CVE Published:
30 October 2025

What is CVE-2025-34278?

The Nagios Network Analyzer, specifically in versions before 2024R1, is susceptible to a stored cross-site scripting (XSS) vulnerability located on the Source Groups page within the percentile calculator menu. This vulnerability allows an attacker to inject a malicious script that is stored in the application's database. When a user accesses the compromised page, the malicious script executes within the user's browser session, potentially leading to unauthorized data exposure and user impersonation. It is crucial for users to update to the latest version to safeguard against this type of cyber threat.

Affected Version(s)

Network Analyzer 0 < 2024R1

References

https://www.nagios.com/products/security/#network-analyzer
vendor-advisorypatch
https://www.nagios.com/changelog/#network-analyzer
release-notespatch
https://www.vulncheck.com/advisories/nagios-network-analy...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tisha Manandhar
JSON
.
CVE-2025-34278 : Stored XSS Vulnerability in Nagios Network Analyzer