Nagios XI < 2024R1.4.2 Overly Permissive Permissions on Systemd Unit...

5.1 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Description

Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by enabling unintended execution behaviors or facilitating abuse of service operations when combined with other weaknesses.

Basic Information

ID CVE-2025-34135

Source VulnCheck

Published Oct 30, 2025 at 21:39

Affected Product

Vendor Nagios

Product XI

CWE Classification

CWE-732

References

{
    "lastseen": "",
    "description": "Nagios XI versions prior to\u00a02024R1.4.2\u00a0configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by enabling unintended execution behaviors or facilitating abuse of service operations when combined with other weaknesses.",
    "published": "2025-10-30T21:39:22.649Z",
    "modified": "2025-10-30T21:39:22.649Z",
    "type": "cve",
    "title": "Nagios XI < 2024R1.4.2 Overly Permissive Permissions on Systemd Unit Files",
    "source": "VulnCheck",
    "references": "https://www.nagios.com/products/security/#nagios-xi\nhttps://www.nagios.com/changelog/nagios-xi/\nhttps://www.vulncheck.com/advisories/nagios-xi-overly-permissive-permissions-on-systemd-unit-files",
    "id": "CVE-2025-34135",
    "bulletinFamily": "",
    "cwe": [
        "CWE-732"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "XI",
    "version": "0",
    "vendor": "Nagios",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Nagios XI < 2024R1.4.2 Overly Permissive Permissions on Systemd Unit Files_CVE-2025-34135