Authenticated Command Injection in Nagios Log Server by Nagios
CVE-2025-34322
Key Information:
- Vendor
NagiOS
- Status
- Vendor
- CVE Published:
- 17 November 2025
Badges
What is CVE-2025-34322?
Nagios Log Server prior to version 2026R1.0.1 is vulnerable to an authenticated command injection flaw stemming from its experimental 'Natural Language Queries' functionality. This vulnerability allows authenticated users with access to global configuration to execute arbitrary system commands. The flaw arises because configuration values are read from application settings and used in system commands without sufficient validation of input. Consequently, an attacker can leverage this vulnerability to compromise the underlying system by executing commands with the privileges of the web server account.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Log Server 0 < 2026R1.0.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved