CVE-2025-34280

EUVD-2025-37216
Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the underlying host in the context of the web application service, resulting in remote code execution with the service's privileges.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
nagiosnetwork_analyzer
𝑥
< 2024
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.nagios.com/changelog/nagios-network-analyzer/
https://www.nagios.com/products/security/#network-analyzer
https://www.vulncheck.com/advisories/nagios-network-analyzer-rce-in-ldap-certificate-removal-function