Nagios Fusion < R2.1 2FA Lack of Re-Authentication or Session...

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

Nagios Fusion versions prior to R2.1 contain a vulnerability due to the application not requiring re-authentication or session rotation when a user has enabled two-factor authentication (2FA). As a result, an adversary who has obtained a valid session could continue using the active session after the target user enabled 2FA, potentially preventing the legitimate user from locking the attacker out and enabling persistent account takeover.

AI Analysis

Lack of re-authentication or session rotation in Nagios Fusion when 2FA is enabled, allowing for potential account takeover

Basic Information

ID CVE-2025-34269

Source VulnCheck

Published Oct 30, 2025 at 21:19

Affected Product

Vendor Nagios

Product Fusion

Affected Versions Nagios Fusion 0

CWE Classification

CWE-613

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Nagios

Product Nagios Fusion

Version < R2.1

References

{
    "lastseen": "",
    "description": "Nagios Fusion versions prior to R2.1 contain a vulnerability due to the application not requiring re-authentication or session rotation when a user has enabled two-factor authentication (2FA). As a result, an adversary who has obtained a valid session could continue using the active session after the target user enabled 2FA, potentially preventing the legitimate user from locking the attacker out and enabling persistent account takeover.",
    "published": "2025-10-30T21:19:26.752Z",
    "modified": "2025-10-30T21:19:26.752Z",
    "type": "cve",
    "title": "Nagios Fusion < R2.1 2FA Lack of Re-Authentication or Session Rotation",
    "source": "VulnCheck",
    "references": "https://www.nagios.com/products/security/#fusion\nhttps://www.nagios.com/changelog/nagios-fusion/\nhttps://www.vulncheck.com/advisories/nagios-fusion-2fa-lack-of-reauthentication-or-session-rotation",
    "id": "CVE-2025-34269",
    "bulletinFamily": "",
    "cwe": [
        "CWE-613"
    ],
    "cvelist": null,
    "sourceData": "Nagios Fusion 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Fusion",
    "version": "0",
    "vendor": "Nagios",
    "ai_description": "Lack of re-authentication or session rotation in Nagios Fusion when 2FA is enabled, allowing for potential account takeover",
    "ai_severity": "High",
    "ai_vendor": "Nagios",
    "ai_product": "Nagios Fusion",
    "ai_version": "< R2.1",
    "ai_score": 8.6
}

Nagios Fusion < R2.1 2FA Lack of Re-Authentication or Session Rotation_CVE-2025-34269