CVE-2025-34280

NagiosNetwork Analyzer versions prior to2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the underlying host in the context of the web application service, resulting in remote code execution with the service's privileges.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://www.nagios.com/changelog/nagios-network-analyzer/
https://www.nagios.com/products/security/#network-analyzer
https://www.vulncheck.com/advisories/nagios-network-analyzer-rce-in-ldap-certificate-removal-function