Remote Code Execution Vulnerability in Nagios XI by Nagios Enterprises
CVE-2025-34286

9.4CRITICAL

Key Information:

Vendor

NagiOS

Status
Xi
Vendor
CVE Published:
30 October 2025

What is CVE-2025-34286?

Nagios XI, a powerful IT monitoring solution, has a vulnerability in the Core Config Manager (CCM) Run Check command that could allow authenticated administrators to execute arbitrary commands on the server. This vulnerability arises from insufficient validation and escaping of parameters, enabling shell metacharacter injection. If exploited, it could result in unauthorized control over the underlying host operating system, posing serious risks to the integrity and security of the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

XI 0 < 2026R1

References

https://www.nagios.com/products/security/#nagios-xi
vendor-advisorypatch
https://www.nagios.com/changelog/nagios-xi/
release-notespatch
https://www.vulncheck.com/advisories/nagios-xi-rce-via-ru...
third-party-advisory

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

D3LT4
JSON
.