Local Privilege Escalation Vulnerability in Nagios XI by Nagios
CVE-2025-34288

8.6 HIGH

Key Information:

Status
Vendor
CVE Published: 16 December 2025

What is CVE-2025-34288?

Nagios XI versions prior to 2026R1.1 contain a local privilege escalation vulnerability. The issue arises from an insecure interaction between sudo permissions and the file permissions of application components. A user-accessible maintenance script may be executed with root privileges through sudo, and this exposes a writable application file. A local attacker with access to that file can modify it to include malicious code. When the script is subsequently executed, it runs with elevated privileges, which can lead to arbitrary code execution as the root user.
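
A defender-side check for the condition described above, added here as an example and not taken from Nagios or the advisory: given a script that a sudo rule runs as root and the files that script loads, it reports every file or ancestor directory a non-root account could modify. The file names in the demo are constructed placeholders, not Nagios XI's real paths.

```python
import os
import stat
import tempfile

def mode_findings(uid, gid, mode):
    """Reasons a non-root account could modify an object with this owner and mode."""
    reasons = []
    if uid != 0:
        reasons.append(f"owned by uid {uid}, not root")
    if mode & stat.S_IWGRP and gid != 0:
        reasons.append(f"group-writable (gid {gid})")
    if mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons

def audit_path(path):
    """Check a file and each ancestor directory; a writable parent lets the file be swapped."""
    findings = []
    current = os.path.realpath(path)  # follow symlinks to the object root will really read
    while True:
        st = os.stat(current)
        mode = st.st_mode
        if stat.S_ISDIR(mode) and mode & stat.S_ISVTX:
            # Sticky directory (such as /tmp): others cannot rename or delete entries they
            # do not own, so its group/world write bits do not allow replacing the file.
            mode &= ~(stat.S_IWGRP | stat.S_IWOTH)
        findings += [(current, r) for r in mode_findings(st.st_uid, st.st_gid, mode)]
        parent = os.path.dirname(current)
        if parent == current:  # reached "/"
            return findings
        current = parent

if __name__ == "__main__":
    # Constructed layout with hypothetical names: a script a sudo rule would run as root,
    # and a file that script loads which has been left world-writable.
    base = tempfile.mkdtemp()
    script = os.path.join(base, "maintenance.sh")
    loaded = os.path.join(base, "loaded_component.inc")
    for p, perm in ((script, 0o755), (loaded, 0o666)):
        open(p, "w").close()
        os.chmod(p, perm)
    for target in (script, loaded):
        for where, why in audit_path(target):
            print(f"{target}: {where} is {why}")
```

Any finding on a path that root executes or loads through sudo means the sudo rule effectively grants root to whoever controls that path.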

Affected Version(s)

Nagios XI 0 < 2026R1.1

CVSS V4

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

M. Cory Billington of theyhack.me.