Elasticsearch Service Disruption in Nagios Log Server by Nagios
CVE-2025-44824

8.5 HIGH

Key Information:

Vendor: Nagios

CVE Published: 7 October 2025

What is CVE-2025-44824?

Users with read-only API access in Nagios Log Server versions prior to 2024R1.3.2 can use a specific API endpoint to stop the Elasticsearch service. The service halts even though the API returns an error message indicating that the operation could not be completed. Stopping Elasticsearch can disrupt monitoring and logging operations, exposing systems to further risks if not addressed promptly.

Affected Version(s)

Log Server 0 < 2024R1.3.2

CVSS V3.1

Score: 8.5
Severity: HIGH
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
