Remote Code Execution Vulnerability in Nagios XI by Nagios Enterprises
CVE-2025-34286

9.4CRITICAL

Key Information:

Vendor: NagiOS
Status: Xi
Vendor: CVE Published:; 30 October 2025

What is CVE-2025-34286?

Nagios XI, a powerful IT monitoring solution, has a vulnerability in the Core Config Manager (CCM) Run Check command that could allow authenticated administrators to execute arbitrary commands on the server. This vulnerability arises from insufficient validation and escaping of parameters, enabling shell metacharacter injection. If exploited, it could result in unauthorized control over the underlying host operating system, posing serious risks to the integrity and security of the system.