Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashboard Fallback

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view. Depending on the product's dashboard sharing and access policies, this behavior may cause information exposure or unexpected privilege exposure.

Basic Information

ID CVE-2025-34272

Source VulnCheck

Published Oct 30, 2025 at 21:25

Affected Product

Vendor Nagios

Product Log Server

Affected Versions Nagios Log Server 0

CWE Classification

CWE-200

References

{
    "lastseen": "",
    "description": "In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view. Depending on the product's dashboard sharing and access policies, this behavior may cause information exposure or unexpected privilege exposure.",
    "published": "2025-10-30T21:25:10.601Z",
    "modified": "2025-10-30T21:25:10.601Z",
    "type": "cve",
    "title": "Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashboard Fallback",
    "source": "VulnCheck",
    "references": "https://www.nagios.com/products/security/#log-server-2024R2\nhttps://www.nagios.com/changelog/#log-server\nhttps://www.vulncheck.com/advisories/nagios-log-server-non-empty-default-dashboard-fallback",
    "id": "CVE-2025-34272",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "Nagios Log Server 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Log Server",
    "version": "0",
    "vendor": "Nagios",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashboard Fallback_CVE-2025-34272