Remote Code Execution Vulnerability in Nagios Network Analyzer by Nagios
CVE-2025-34280
8.6 HIGH
What is CVE-2025-34280?
Nagios Network Analyzer versions before 2024R2.0.1 have a security flaw in the LDAP certificate management functionality: input is inadequately sanitized during the certificate removal process. An authenticated administrator can exploit this to execute commands on the underlying host with the privileges of the web application service.
Affected Version(s)
Network Analyzer 0 < 2024R2.0.1
References
CVSS V4
Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Haoyu Li
Shiwu Zhao
rmb122
rry
Xingchen Chen
Ru Tan
Qixu Liu
